[英]How to query Security Policy with AdsiSearcher in powershell?
I am trying to find all servers that set TrustedForDelegation : True
, I am able to find all servers using ([adsisearcher]"ObjectCategory=Computer").Findall().properties
but I can't see any of the security policy properties. 我正在尝试查找设置
TrustedForDelegation : True
所有服务器TrustedForDelegation : True
,我能够使用([adsisearcher]"ObjectCategory=Computer").Findall().properties
查找所有服务器,但看不到任何安全策略属性。 How would I go about viewing filtering for security policy properties? 如何查看安全策略属性的过滤?
Btw the reason I am using AdsiSearcher
is because I don't have the Active Directory module available to import. 顺便说一句,我使用
AdsiSearcher
的原因是因为我没有可用于导入的Active Directory模块。
The Trusted for Delegation permission is stored in the userAccountControl
attribute in AD, which is a bit field , meaning that the value indicates several flags that can be on or off. 委托委派权限存储在AD的
userAccountControl
属性中,该属性是一个bit字段 ,这意味着该值指示可以打开或关闭的几个标志。 The full list is here . 完整列表在这里 。
Adding this to your query is a little tricky. 将此添加到您的查询有点棘手。 It requires a bitwise AND comparison to see if a specific flag is turned on.
它需要按位与进行比较,以查看是否打开了特定标志。 AD allows this through a matching rule OID called
LDAP_MATCHING_RULE_BIT_AND
. AD通过名为
LDAP_MATCHING_RULE_BIT_AND
的匹配规则OID允许此LDAP_MATCHING_RULE_BIT_AND
。
You would use it in an LDAP query like this: 您可以在LDAP查询中使用它,如下所示:
(userAccountControl:1.2.840.113556.1.4.803:=524288)
So your code to find all computers with the Trusted for Delegation permissions would look something like this: 因此,用于查找所有具有“受信任的委派”权限的计算机的代码如下所示:
([adsisearcher]"(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=524288))").Findall()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.