当前位置: 文江博客话题详情

如何使用 Powershell 查询 msSFU30MaxUidNumber 属性?

发布于 2024-12-13 12:37:13 字数 143 浏览 1 评论 0原文

有谁知道查询此 UNIX 属性 msSFU30MaxUidNumber 的方法 使用 Powershell 在 Active Directory 中?我正在编写一个脚本,该脚本将根据需要为用户分配 Unix 属性。我还有 Quest AD Powershell 模块可用。

原文

Does anyone know of a way to query this UNIX attribute msSFU30MaxUidNumber
in Active Directory with Powershell? I'm working on a script that will assign Unix attribute to users as needed. I also have the Quest AD Powershell module available.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

巨坚强 2024-12-20 12:37:13

我借用它来设置 UNIX 属性(NISdomain、GID、loginshell、UIDnumber、UID) http://danieltromp.com/2014/06/09/powershell-ad-enable-unix-attributes/

我更新了它,因此它也更新了存储的 msSFU30MaxUidNumber。我见过的所有脚本都忘记了这一点。
如果您将来使用 ADUC 设置 UNIX 属性(或者即使您针对另一个 OU 再次运行该脚本),可以防止出现重复 UID 编号的问题:

Remove-Variable -Name * -Force -ErrorAction SilentlyContinue
Import-Module ActiveDirectory
$NIS = Get-ADObject "CN=DOMAIN,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=Domain,DC=com" -Properties:* #Get NIS server information
$maxUid = $NIS.msSFU30MaxUidNumber #Get the last used User ID

$usuarios = Get-ADUser -Filter * -SearchBase "OU=NAME,OU=NAME,OU=NAME,DC=Domain,DC=com" -Properties:* #Get all users
foreach($usr in $usuarios)
{
  if ($usr.mssfu30nisdomain -eq $null){
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{mssfu30nisdomain="Domain"} #Enable NIS
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{gidnumber="10005"} #Set Group ID
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{loginShell="/bin/bash"} #Set Login Shell
  $maxUid++ #Raise the User ID number
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{uidnumber=$maxUid} #Set User ID number
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{uid=$usr.SamAccountName} #Set UID
  Write-Host -Backgroundcolor Green -Foregroundcolor Black $usr.SamAccountName changed #Write Changed Username to console
  }
  else{Write-Host -Backgroundcolor Yellow -Foregroundcolor Black $usr.SamAccountName unchanged} #Write Unchanged Username to console with a yellow background
}
$NIS | Set-ADObject -Replace @{msSFU30MaxUidNumber = $maxuid++}
$NIS | Set-ADObject -Replace @{msSFU30MaxUidNumber = $maxuid++}

I borrowed this to set UNIX attributes (NISdomain, GID, loginshell, UIDnumber, UID) http://danieltromp.com/2014/06/09/powershell-ad-enable-unix-attributes/.

I updated it so it also updates the stored msSFU30MaxUidNumber. All scripts I've seen forget this.
Prevents issues with duplicate UIDnumbers if you use ADUC to set UNIX attributes in the future (or even if you run the script again against another OU):

Remove-Variable -Name * -Force -ErrorAction SilentlyContinue
Import-Module ActiveDirectory
$NIS = Get-ADObject "CN=DOMAIN,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=Domain,DC=com" -Properties:* #Get NIS server information
$maxUid = $NIS.msSFU30MaxUidNumber #Get the last used User ID

$usuarios = Get-ADUser -Filter * -SearchBase "OU=NAME,OU=NAME,OU=NAME,DC=Domain,DC=com" -Properties:* #Get all users
foreach($usr in $usuarios)
{
  if ($usr.mssfu30nisdomain -eq $null){
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{mssfu30nisdomain="Domain"} #Enable NIS
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{gidnumber="10005"} #Set Group ID
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{loginShell="/bin/bash"} #Set Login Shell
  $maxUid++ #Raise the User ID number
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{uidnumber=$maxUid} #Set User ID number
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{uid=$usr.SamAccountName} #Set UID
  Write-Host -Backgroundcolor Green -Foregroundcolor Black $usr.SamAccountName changed #Write Changed Username to console
  }
  else{Write-Host -Backgroundcolor Yellow -Foregroundcolor Black $usr.SamAccountName unchanged} #Write Unchanged Username to console with a yellow background
}
$NIS | Set-ADObject -Replace @{msSFU30MaxUidNumber = $maxuid++}
$NIS | Set-ADObject -Replace @{msSFU30MaxUidNumber = $maxuid++}
回复 原文
泪之魂 2024-12-20 12:37:13

您似乎可以找到迄今为止分配的最高值存储在 cn=yourYPDomain,cn=ypservers,cn=ypserv30,cn=RpcServices,cn=system,dc=dom 上的 msSFU30MaxUidNumber 属性中,dc=fr

这是一个按原样给出的脚本:我现在无法在我的配置中测试它,我只是从 Microsoft 法国咨询文档(第 17 页)。

# Get the Yellow page domain and his attribute msSFU30MaxUidNumber
# dom.fr (dc=dom,dc=fr)is my domain
# myYPDomain is the name of my yellow Page domain
$ypDomain = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://societe.fr:389/cn=myYPDomain,cn=ypservers,cn=ypserv30,cn=RpcServices,cn=system,dc=dom,dc=fr","[email protected]","admin")
#$msSFU30MaxUidNumber = $ypDomain.Properties["msSFU30MaxUidNumber"]
$msSFU30MaxUidNumber = $ypDomain.msSFU30MaxUidNumber

# Find a given user
$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://societe.fr:389/dc=dom,dc=fr","[email protected]","admin")
$dsLookFor = new-object System.DirectoryServices.DirectorySearcher($dn)
$dsLookFor.Filter = "(&(samAccountName=user1)(objectCategory=user))"; 
$dsLookFor.SearchScope = "subtree"; 
$n = $dsLookFor.PropertiesToLoad.Add("cn"); 
$n = $dsLookFor.PropertiesToLoad.Add("distinguishedName");
$Usr = $dsLookFor.findOne()

# Assign new value
$Usr.msSFU30MaxUidNumber = $msSFU30MaxUidNumber + 1
$Usr.SetInfo()

# Save the new Value
$ypDomain.msSFU30MaxUidNumber = $msSFU30MaxUidNumber + 1
$ypDomain.SetInfo()

It seems that you can find the highest value assigned so far stored in msSFU30MaxUidNumber attribute on cn=yourYPDomain,cn=ypservers,cn=ypserv30,cn=RpcServices,cn=system,dc=dom,dc=fr.

Here is a script given as is : I'am not able to test it in my configuration now, I just write a short translation to powershell from the VBscript found in a Microsoft Consulting France document(page 17).

# Get the Yellow page domain and his attribute msSFU30MaxUidNumber
# dom.fr (dc=dom,dc=fr)is my domain
# myYPDomain is the name of my yellow Page domain
$ypDomain = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://societe.fr:389/cn=myYPDomain,cn=ypservers,cn=ypserv30,cn=RpcServices,cn=system,dc=dom,dc=fr","[email protected]","admin")
#$msSFU30MaxUidNumber = $ypDomain.Properties["msSFU30MaxUidNumber"]
$msSFU30MaxUidNumber = $ypDomain.msSFU30MaxUidNumber

# Find a given user
$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://societe.fr:389/dc=dom,dc=fr","[email protected]","admin")
$dsLookFor = new-object System.DirectoryServices.DirectorySearcher($dn)
$dsLookFor.Filter = "(&(samAccountName=user1)(objectCategory=user))"; 
$dsLookFor.SearchScope = "subtree"; 
$n = $dsLookFor.PropertiesToLoad.Add("cn"); 
$n = $dsLookFor.PropertiesToLoad.Add("distinguishedName");
$Usr = $dsLookFor.findOne()

# Assign new value
$Usr.msSFU30MaxUidNumber = $msSFU30MaxUidNumber + 1
$Usr.SetInfo()

# Save the new Value
$ypDomain.msSFU30MaxUidNumber = $msSFU30MaxUidNumber + 1
$ypDomain.SetInfo()
回复 原文
溺深海 2024-12-20 12:37:13

由于您有可用的 Quest AD cmdlet,因此这里有一些基于 JPBlanc 的答案的快速信息。它假设您正在使用已经拥有相关 AD 属性权限的帐户运行脚本:

# The -IncludedProperties parameter is needed because msSFU30MaxUidNumber is not part of Get-QADObject's default attribute set
$ypDomain = Get-QADObject -Identity "cn=myYPDomain,cn=ypservers,cn=ypserv30,cn=RpcServices,cn=system,dc=dom,dc=fr" -IncludedProperties msSFU30MaxUidNumber

$maxUidNumber = $ypDomain.msSFU30MaxUidNumber

$newMaxUidNumber = $maxUidNumber + 1

# Sets the msSFU30UidNumber attribute for User1

Get-QADUser -samAccountName User1 | Set-QADUser -objectAttributes @{msSFU30UidNumber = $newMaxUidNumber}

# Increments the msSFU30MaxUidNumber for the YP domain.

$ypDomain | Set-QADObject -objectAttributes @{msSFU30MaxUidNumber = $newMaxUidNumber}

Since you have the Quest AD cmdlets available, here's something quick based on JPBlanc's answer. It assumes that you are running your script with an account that already has privileges on the relevant AD attributes:

# The -IncludedProperties parameter is needed because msSFU30MaxUidNumber is not part of Get-QADObject's default attribute set
$ypDomain = Get-QADObject -Identity "cn=myYPDomain,cn=ypservers,cn=ypserv30,cn=RpcServices,cn=system,dc=dom,dc=fr" -IncludedProperties msSFU30MaxUidNumber

$maxUidNumber = $ypDomain.msSFU30MaxUidNumber

$newMaxUidNumber = $maxUidNumber + 1

# Sets the msSFU30UidNumber attribute for User1

Get-QADUser -samAccountName User1 | Set-QADUser -objectAttributes @{msSFU30UidNumber = $newMaxUidNumber}

# Increments the msSFU30MaxUidNumber for the YP domain.

$ypDomain | Set-QADObject -objectAttributes @{msSFU30MaxUidNumber = $newMaxUidNumber}
回复 原文
~没有更多了~

关于作者

灼疼热情

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

Promise

文章 0 评论 0

qq_lbRlsh

文章 0 评论 0

待"谢繁草

文章 0 评论 0

yy2010hell

文章 0 评论 0

漫无边际

文章 0 评论 0

傲娇萝莉攻

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文