无法更新本地掌握的目录同步对象的指定属性 - 更新 Azure 广告中的用户管理器属性
Unable to update the specified properties for on-premises mastered Directory Sync objects - Updating users manager attribute in azure ad
我已竭尽全力寻找解决方案,希望得到一些指导。
我正在寻找更新在预置广告中填充的用户管理器属性,但 azure/365 据我所知不要复制它。
所以我必须使用以下代码手动更改它们;
Set-AzureADUserManager -ObjectId "usersid" -RefObjectId "managersid"
一旦我 运行 它失败并出现以下错误;
Code: Request_BadRequest
Message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration.
RequestId:
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-AzureADUserManager], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.SetUserManager
我不确定这是什么问题,因为用户管理器在天蓝色中与 windows 广告作为源同步。
谢谢。
根据 the docs Manager 属性 是 同步的。
此处的 Get 和 Set cmdlet 都需要 DistinguishedName、ObjectGUID、ObjectSID 或 SamAccountName 作为 -Identity 和 -Manager 参数。
你应该可以做到:
# set the manager property for the user
Get-ADUser -Identity "<THE USER>" | Set-ADUser -Manager "<THE MANAGER>"
之后,您可以使用如下方式强制执行 AD 同步:
$server = 'YourAzureConnectServer'
$cred = Get-Credential -Message 'Please enter user name and password for AD Sync'
$session = New-PSSession -ComputerName $server -Credential $cred
Invoke-Command -Session $session {
if (Get-ADSyncConnectorRunStatus) {
Write-Warning "A sync is already in progress. Please try again later."
}
else {
Write-Host "Initializing Azure AD Delta Sync..." -ForegroundColor Yellow
try {
Start-ADSyncSyncCycle -PolicyType Delta -ErrorAction Stop
Write-Host "Waiting for Sync to start.."
# give the Sync Connector 10 seconds time to start-up
Start-Sleep -Seconds 10
Write-Host "Waiting for Sync to finish.."
While(Get-ADSyncConnectorRunStatus) {
Write-Host "." -NoNewline
Start-Sleep -Seconds 5
}
Write-Host
Write-Host "Azure AD Sync has finished." -ForegroundColor Green
}
catch {
Write-Error $_
}
}
}
Remove-PSSession $session
您还可以使用Start-ADSyncSyncCycle -PolicyType Initial
强制进行全属性同步
似乎我需要向同步规则编辑器添加同步规则 - 我遵循了以下 - [Link] (blog.kloud.com.au/2016/11/14/…) - 我添加了在 ad 和 azure 之间同步并再次同步的规则,这似乎已经解决了问题,不需要 ps 脚本。 - 再次感谢@theo 的帮助。 –
我已竭尽全力寻找解决方案,希望得到一些指导。
我正在寻找更新在预置广告中填充的用户管理器属性,但 azure/365 据我所知不要复制它。
所以我必须使用以下代码手动更改它们;
Set-AzureADUserManager -ObjectId "usersid" -RefObjectId "managersid"
一旦我 运行 它失败并出现以下错误;
Code: Request_BadRequest
Message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration.
RequestId:
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-AzureADUserManager], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.SetUserManager
我不确定这是什么问题,因为用户管理器在天蓝色中与 windows 广告作为源同步。
谢谢。
根据 the docs Manager 属性 是 同步的。
此处的 Get 和 Set cmdlet 都需要 DistinguishedName、ObjectGUID、ObjectSID 或 SamAccountName 作为 -Identity 和 -Manager 参数。
你应该可以做到:
# set the manager property for the user
Get-ADUser -Identity "<THE USER>" | Set-ADUser -Manager "<THE MANAGER>"
之后,您可以使用如下方式强制执行 AD 同步:
$server = 'YourAzureConnectServer'
$cred = Get-Credential -Message 'Please enter user name and password for AD Sync'
$session = New-PSSession -ComputerName $server -Credential $cred
Invoke-Command -Session $session {
if (Get-ADSyncConnectorRunStatus) {
Write-Warning "A sync is already in progress. Please try again later."
}
else {
Write-Host "Initializing Azure AD Delta Sync..." -ForegroundColor Yellow
try {
Start-ADSyncSyncCycle -PolicyType Delta -ErrorAction Stop
Write-Host "Waiting for Sync to start.."
# give the Sync Connector 10 seconds time to start-up
Start-Sleep -Seconds 10
Write-Host "Waiting for Sync to finish.."
While(Get-ADSyncConnectorRunStatus) {
Write-Host "." -NoNewline
Start-Sleep -Seconds 5
}
Write-Host
Write-Host "Azure AD Sync has finished." -ForegroundColor Green
}
catch {
Write-Error $_
}
}
}
Remove-PSSession $session
您还可以使用Start-ADSyncSyncCycle -PolicyType Initial
似乎我需要向同步规则编辑器添加同步规则 - 我遵循了以下 - [Link] (blog.kloud.com.au/2016/11/14/…) - 我添加了在 ad 和 azure 之间同步并再次同步的规则,这似乎已经解决了问题,不需要 ps 脚本。 - 再次感谢@theo 的帮助。 –