[英]When does WinNT:// provider query Active Directory? Or how to get SID of local group member if it is domain account
Okay so I am using the WinNT provider with a DirectoryEntry class to enumerate the members of a local group, through the Members property. 好的,所以我将WinNT提供程序与DirectoryEntry类一起使用,通过Members属性来枚举本地组的成员 。
If the member is a local account, the DirectoryEntry will also be read from the SAM on the local machine presumably. 如果成员是本地帐户,则大概也会从本地计算机上的SAM中读取DirectoryEntry。
If the member is a Domain Account however, will the provider perform a query to Active Directory when I access the properties of the DirectoryEntry object? 但是,如果成员是域帐户,当我访问DirectoryEntry对象的属性时,提供程序是否将对Active Directory执行查询?
Is there a way to differentiate the two scenarios? 有没有办法区分这两种情况? For example check a property on the DirectoryEntry to see if it is going to get the properties from the local machine SAM, or by querying a domain controller to read Active Directory?
例如,检查DirectoryEntry上的属性以查看它是要从本地计算机SAM中获取属性,还是查询域控制器以读取Active Directory?
Is there a way to get the name (or even just the SID) of the member without querying Active Directory? 有没有一种方法可以获取成员的名称(甚至只是SID) 而无需查询Active Directory?
I'm trying to enumerate the local groups on a large number of servers and don't want to be hammering the domain controller, if they contain many domain user accounts. 我正在尝试枚举大量服务器上的本地组,并且如果它们包含许多域用户帐户,则不想重击域控制器。
You could query Win32_GroupUser, and that shouldn't hit AD at all. 您可以查询Win32_GroupUser,这根本不会打AD。 Then you just have to do a little string parsing to get the user name, user type (user/group), and source (local/domain).
然后,您只需要进行一些字符串解析即可获取用户名,用户类型(用户/组)和源(本地/域)。
$Servers = 'Server1.domain.com','Server2.domain.com'
$GMembers = ForEach($Server in $Servers){
$BaseName=$Server.split('.')[0]
Get-WmiObject -ComputerName $Server -Query "SELECT * FROM win32_GroupUser WHERE GroupComponent = ""Win32_Group.Domain='$BaseName',Name='Administrators'"""
}
$GMembers |
?{$_.PartComponent -match '\\\\(.+?)\\.+?Win32_(.+?)\.Domain="(.+?)",Name="(.+?)"'}|
%{
[PSCustomObject]@{
Server=$Matches[1]
Domain=$Matches[3]
Account=$Matches[4]
AccountType=$Matches[2]
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.