I am trying to execute the cmdlet Add-ADGroupMember in powershell but i get this error:
Add-ADGroupMember: Could not create the CN = domain.com.py chain of X.509 certificate. The certificate
Employee has a chain of trust that cannot be verified. Replace the certificate or change the value of
certificateValidationMode. The revocation function cannot verify the revocation because the server
revocation is offline.
Online: 1 Character: 1
+ Add-ADGroupMember -Identity "Group_Name" -Members user1 -A ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: SecurityError: (Group_Name: ADGroup) [Add-ADGroupMember], AuthenticationException
+ FullyQualifiedErrorId: ActiveDirectoryCmdlet: System.Security.Authentication.AuthenticationException, Microsoft.A
ctiveDirectory.Management.Commands.AddADGroupMember
I've tried executing: 1-
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
2-
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;
And tried adding the certificate to the mmc.exe, but none of theese options worked for me, is there anything i am doing wrong? or is there another option i am missing?
Solved by changing the parameter -AuthType to 0 when calling Add-ADGroupMember