我想以属于 Active Directory 的域用户身份执行运行命令
[英]I want to execute a run command as a domain user belonging to Active Directory
问题描述
I use AWS-RunPowerShellScript in system manager.
我在系统管理器中使用 AWS-RunPowerShellScript。
At that time, we would like to add an AD user using the dsadd-user command.那时,我们想使用dsadd-user命令添加一个 AD 用户。 But this will result in an error because I don't have access permissions.但这会导致错误,因为我没有访问权限。
Because I believe that the command is executed as a local user named ssm-user .因为我相信该命令是以名为ssm-user的本地用户身份执行的。
I want to run the command as a user belonging to Active Directory - is it possible?我想以属于 Active Directory 的用户身份运行命令 - 这可能吗?
1 个解决方案
解决方案1
0 2022-03-07 13:08:33
• Yes, it is possible to run the command as a user belonging to Active Directory for adding an AD user using the 'dsadd-user' command. • 是的,可以以属于Active Directory 的用户身份运行该命令,以使用“dsadd-user”命令添加AD 用户。 For that purpose, you will have to ensure that this command is executed with elevated (domain administrator or local administrator) privileges .为此,您必须确保以提升的(域管理员或本地管理员)权限执行此命令。 Also, ensure that the system from which the command is executed is a domain joint system .另外,确保执行命令的系统是域联合系统。 Most probably, I would suggest you to execute the below commands on a domain controller .最有可能的是,我建议您在域 controller上执行以下命令。
Command for adding a user to Active Directory : -将用户添加到 Active Directory 的命令:-
‘ dsadd user <UserDN> [-samid <SAMName>] [-upn <UPN>] [-fn <FirstName>] [-mi <Initial>] [-ln <LastName>] [-display <DisplayName>] [-empid <EmployeeID>] [-pwd {<Password> | *}] [-desc <Description>] [-memberof <Group> ...] [-office <Office>] [-tel <PhoneNumber>] [-email <Email>] [-hometel <HomePhoneNumber>] [-pager <PagerNumber>] [-mobile <CellPhoneNumber>] [-fax <FaxNumber>] [-iptel <IPPhoneNumber>] [-webpg <WebPage>] [-title <Title>] [-dept <Department>] [-company <Company>] [-mgr <Manager>] [-hmdir <HomeDirectory>] [-hmdrv <DriveLetter>:][-profile <ProfilePath>] [-loscr <ScriptPath>] [-mustchpwd {yes | no}] [-canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] [-acctexpires <NumberOfDays>] [-disabled {yes | no}] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [{-uc | -uco | -uci}] ’
Example command : -示例命令:-
‘ dsadd user “cn=John Smith,ou=SouthEmployees,dc=northwindtraders,dc=com” -disabled no –pwd C^h3Bdo9# -mustchpwd yes -memberof cn=janitors,ou=SouthEmployees,dc=northwindtraders,dc=com -acctexpires never ‘
• For executing the above command through AWS Systems manager console , please refer to the AWS documentation link below for more details: - • 要通过AWS Systems manager console执行上述命令,请参阅下面的 AWS 文档链接以获取更多详细信息:-
https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-S3-PowerShell.html https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-S3-PowerShell.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.