« 上一篇下一篇 »

4-3 Using Automation to Manage Group Accounts

Lesson 3 Using Automation to Manage Group Accounts 4-13 Lesson 3: Using Automation to Manage Group Accounts
Although the Active Directory Users And Computers MMC is a convenient way to create and modify groups individually, it is not the most efficient method for creating large numbers of security principals. A tool included with Windows Server 2003, Ldifde.exe, facilitates the importing and exporting of larger numbers of security principals, including groups. After this lesson, you will be able to ■ Import security principals with LDIFDE ■ Export security principles with LDIFDE ■ Use the DSADD and DSMOD commands to create and modify groups Estimated lesson time: 30 minutes
Using LDIFDE
The Lightweight Directory Access Protocol (LDAP) Data Interchange Format (LDIF) is a draft Internet standard for a file format that may be used to perform batch operations against directories that conform to the LDAP standards. LDIF can be used to export and import data, allowing batch operations such as add, create, and modify to be per-formed against the Active Directory. A utility program called LDIFDE is included in Windows Server 2003 to support batch operations based on the LDIF file format standard.
LDIFDE is a command-line utility, available on all Windows Server 2003 editions. From a command prompt or command shell, you run the LDIFDE utility with the appropriate command switches. Figure 4-3 lists the primary commands used with LDIFDE displayed by typing ldifde /? at the command prompt. Figure 4-3 LDIFDE command-line help file
4-14 Chapter 4 Group Accounts Table 4-4 details the primary LDIFDE commands.
Table 4-4 LDIFDE Commands (Primary)
Command Usage
General parameters
-i Turn on Import mode (The default is Export) -f filename Input or Output filename -s servername The server to bind to -c FromDN ToDN Replace occurrences of FromDN to ToDN -v Turn on Verbose mode -j path Log File Location -t port Port Number (default = 389) -? Help
Export specific parameters -d RootDN The root of the LDAP search (Default to Naming Context) -r Filter LDAP search filter (Default to “(objectClass=*)”) -p SearchScope Search Scope (Base/OneLevel/Subtree) -l list List of attributes (comma-separated) to look for in an LDAP search -o list List of attributes (comma-separated) to omit from input -g Disable Paged Search -m Enable the Security Accounts Manager (SAM) logic on export -n Do not export binary values
Import specific parameters
-k The import will ignore “Constraint Violation” and “Object Already Exists” errors
Credentials parameters
-a UserDN Sets the command to run using the supplied user distinguished name and password. For example: “cn=administrator,dc=contoso,dc-com password”
-b UserName Sets the command to run as username domain password. The default is to Domain run using the credentials of the currently logged on user. Note The LDIFDE utility is included in Windows Server 2003, and can be copied to a com- puter running Windows 2000 Professional or Windows XP. It can then be bound and used remotely to the Windows Server 2003 Active Directory.
Lesson 3 Using Automation to Manage Group Accounts 4-15 Real World Account Creation Often, you will have a collection of data that already has a great deal of the information with which you will populate your Windows Server 2003 Active Directory. The data may be in a down-level domain (Windows NT 4, Windows 2000, Novell Directory Services (NDS), or some other type of database (Human Resource departments are famous for compiling data). If you have this user data available, you can use it to populate the bulk of your Active Directory. There are many tools that are available to facilitate the extraction of data: Addusers for Windows NT 4 and LDIFDE for Windows 2000, for example. In addition, most database programs have the built-in capacity to export their data into a Comma-Separated-Value (CSV) file, which LDIFDE can import. For CSV files, however, it should be noted that some elements in object creation are mandatory, and errors will result during the import if elements are missing from the file. Group creation, however, has only the required elements of a distinguished name (CN=User) and location (DC=Domain, DC=OU), which you are unlikely to omit. With a little editing, you can add the OU and group data to the import file, and use LDIFDE to build your Active Directory much more quickly.
Creating Groups with DSADD
The DSADD command, introduced in Chapter 2, is used to add objects to Active Directory. To add a group, use the syntax
dsadd group GroupDN…
The GroupDN… parameter is one or more distinguished names for the new user objects. If a DN includes a space, surround the entire DN with quotation marks. The GroupDN… parameter can be entered one of the following ways:
■ By piping a list of DNs from another command, such as dsquery.
■ By typing each DN on the command line, separated by spaces.
■ By leaving the DN parameter empty, at which point you can type the DNs, one at a time, at the keyboard console of the command prompt. Press ENTER after each DN. Press CTRL+Z and ENTER after the last DN.
The DSADD GROUP command can take the following optional parameters after the DN parameter:
■ -secgrp {yes | no} determines whether the group is a security group (yes) or a distribution group (no). The default value is yes.
4-16 Chapter 4 Group Accounts ■ -scope {l | g | u} determines whether the group is a domain local (l), global (g, the default), or universal (u).
■ -samid SAMName
■ desc Description
■ -memberof GroupDN... specifies groups to which to add the new group.
■ -members MemberDN... specifies members to add to the group.
As discussed in Chapter 3, you can add -s, -u, and -p parameters to specify the domain controller against which DSADD will run, and the user name and password—the credentials—that will be used to execute the command.
■ {-s Server | -d Domain} ■ -u UserName ■ -p {Password | *}
Modifying Groups with DSMOD
The DSMOD command, introduced in Chapter 2, is used to modify objects in Active Directory. To modify a group, use the syntax
dsmod group GroupDN…
The command takes many of the same switches as DSADD, including -samid, -desc, -secgrp, and -scope. Typically, though, you won't be changing those attributes of an existing group. Rather, the most useful switches are those that let you modify the membership of a group, specifically
■ -addmbr Member... adds members to the group specified in Group
■ -rmmbr Member... removes members from the group specified in Group
where, as with all directory service commands, the DN is the full, distinguished name of another Active Directory object, surrounded by quotes if there are any spaces in the DN. Note On any one command line, you can use only -addmbr or -rmmbr. You cannot use both in a single DSMOD GROUP command.

  还没注册Payoneer的朋友可免费申请一个,现在申请Payoneer可获得25美元奖励并且直接享受1.2%全包的优惠:不仅入账免费,全币种提现只收1.2%的费用,无汇损,当你累积收款100美元时将一次性获得25美元奖励。需要注意的是,如果你直接打开Payoneer官网进行注册,是没有上述优惠的,请务必打开【野猪尖的推荐链接】进行注册。Payoneer注册咨询QQ:2822129880

Payoneer

野猪尖的推荐链接https://www.payoneer.com/zh/znp (此地址要完整地复制,建议直接点击)

【Payoneer申请教程:个人账户企业账户订购Payoneer实体卡(P卡)

Payoneer注册与使用指南(包括P卡申请、Payoneer官方、手续费、收款、提现和消费):
注册-收款工具那么多,为何选择Payoneer? | 为何申请Payoneer万事达预付卡+欧美日收款银行账号
   Payoneer有卡账户和无卡账户的区别Payoneer个人账户注册申请教程P卡公司帐户注册教程
   Payoneer欧元帐户虚拟卡) | Payoneer英镑帐户Payoneer日元帐户订购实体卡(P卡
   Payoneer卡年费啥时候扣? | Payoneer卡休眠和激活P卡到期后如何更换? | 如何注销P卡

官方-Payoneer秉承公正、公开、透明服务Payoneer官方最新政策汇总官方客服联系方式
   Payoneer官方费用表如何减少Payoneer的手续费?点此免除入账费点此降低提现费
   跨境收款服务商拷问篇——PayoneerPayoneer客户答疑手册(FAQ)Payoneer手机App

收款-跨境电商/外贸收款方式对比Payoneer可以错名收款吗
   Amazon亚马逊卖家设置Payoneer卡收款教程Payoneer可提供亚马逊KYC审核所需银行账单
   Amazon亚马逊收款方式对比(Payoneer,World First,PingPong,美国/香港银行卡)
   CJ联盟设置Payoneer卡收款ClickBank联盟设置Payoneer收款Amazon联盟设置P卡收款
   Payoneer如何从东南亚电商平台Lazada收款如何在Lazada开店
   Payoneer如何从拉美电商平台Linio收款? | Payoneer绑定非洲电商平台Jumia收款
   Payoneer支持从美国电商平台Newegg收款
   Payoneer如何从跨境移动电商Wish收款? | Wish模式正在改变电商格局
   Payoneer支持从法国乐天Priceminister收款法国电商平台CDiscount对接Payoneer收款
   如何使用Payoneer请求付款?关于Payoneer卡充值
   从PayPal提现到Payoneer卡教程及手续费用PayPal无法绑定并转账到Payoneer卡

提现-从Payoneer卡提现到国内银行账户Payoneer无法从Dating联盟收款并限制提现方式
   用P卡在中国银行ATM机取款4000元用Payoneer卡在中国建设银行ATM机取款500元

消费-Payoneer为卖家提供更便捷的VAT缴费方案用Payoneer卡在GoDaddy买域名主机教程


人在做天在看,转载请以链接的形式注明本文地址
本文地址:http://www.zhaoniupai.com/blog/archives/238.html