Generating objectSID for LDIFDE import
I'm writing an AD sync tool, which takes an LDIF file exported from an AD A, applies some replacing and skip rules and creates another LDIF file that can then be applied to an AD B.
During the creation, I have read access on the AD B, so I can get the Schema to know what attribute-value pairs I can or cannot set, and to see if there are objects that already exist in B that I only have to modify, but not to create. So far so good.
Right now, my rules do not copy the objectSid (and others), since they won't be right. As far as I checked, a SID is always composed of the domainSid and an ID, like SOME-DOMAIN-SID-513 which is the SID of the Domain Users of that domain.
So IDs < 1024 seem to be reserved for internal use while IDs > 1024 will be part of objects that were created on the way.
My question is now, can I create my own objectSIDs for new entries that I want to create and set them in the LDIF file?
Any hints on that?
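Added example, not part of the original post: a decoder for the base64 `objectSid::` value as it appears in an LDIF export, splitting it into the domain SID and the trailing ID the question describes. The sample entry is constructed, the function names are hypothetical, and it assumes the value is not folded across lines.

```python
import base64
import struct

# Constructed sample entry (not from a real directory). LDIF marks
# base64-encoded binary values with a double colon: "objectSid::".
SAMPLE_LDIF = """\
dn: CN=Domain Users,CN=Users,DC=example,DC=test
changetype: add
objectClass: group
objectSid:: AQUAAAAAAAUVAAAAAQAAAAIAAAADAAAAAQIAAA==
"""

def decode_sid(raw: bytes) -> str:
    """Binary SID -> 'S-1-5-21-...' string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    # 48-bit identifier authority is big-endian ...
    authority = int.from_bytes(raw[2:8], "big")
    # ... while each 32-bit sub-authority is little-endian.
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def sid_from_ldif_value(b64: str) -> str:
    """Decode the text that follows 'objectSid::' in an LDIF line."""
    return decode_sid(base64.b64decode(b64.strip()))

def split_domain_and_rid(sid: str):
    """Split into (domain SID, trailing relative ID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def sids_in_ldif(text: str):
    """Yield (dn, sid) for every entry carrying a base64 objectSid."""
    dn = None
    for line in text.splitlines():
        lowered = line.lower()
        if lowered.startswith("dn:"):
            dn = line[3:].strip()
        elif lowered.startswith("objectsid::"):
            yield dn, sid_from_ldif_value(line.split("::", 1)[1])

if __name__ == "__main__":
    for dn, sid in sids_in_ldif(SAMPLE_LDIF):
        print(dn, sid, split_domain_and_rid(sid))
```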
Comments (1)
I don't think you can. I'm intrigued as to why you'd want to.