[英]I want to execute a run command as a domain user belonging to Active Directory
I use AWS-RunPowerShellScript in system manager.我在系统管理器中使用 AWS-RunPowerShellScript。
At that time, we would like to add an AD user using the dsadd-user
command.那时,我们想使用
dsadd-user
命令添加一个 AD 用户。 But this will result in an error because I don't have access permissions.但这会导致错误,因为我没有访问权限。
Because I believe that the command is executed as a local user named ssm-user
.因为我相信该命令是以名为
ssm-user
的本地用户身份执行的。
I want to run the command as a user belonging to Active Directory - is it possible?我想以属于 Active Directory 的用户身份运行命令 - 这可能吗?
• Yes, it is possible to run the command as a user belonging to Active Directory for adding an AD user using the 'dsadd-user' command. • 是的,可以以属于Active Directory 的用户身份运行该命令,以使用“dsadd-user”命令添加AD 用户。 For that purpose, you will have to ensure that this command is executed with elevated (domain administrator or local administrator) privileges .
为此,您必须确保以提升的(域管理员或本地管理员)权限执行此命令。 Also, ensure that the system from which the command is executed is a domain joint system .
另外,确保执行命令的系统是域联合系统。 Most probably, I would suggest you to execute the below commands on a domain controller .
最有可能的是,我建议您在域 controller上执行以下命令。
Command for adding a user to Active Directory : -将用户添加到 Active Directory 的命令:-
‘ dsadd user <UserDN> [-samid <SAMName>] [-upn <UPN>] [-fn <FirstName>] [-mi <Initial>] [-ln <LastName>] [-display <DisplayName>] [-empid <EmployeeID>] [-pwd {<Password> | *}] [-desc <Description>] [-memberof <Group> ...] [-office <Office>] [-tel <PhoneNumber>] [-email <Email>] [-hometel <HomePhoneNumber>] [-pager <PagerNumber>] [-mobile <CellPhoneNumber>] [-fax <FaxNumber>] [-iptel <IPPhoneNumber>] [-webpg <WebPage>] [-title <Title>] [-dept <Department>] [-company <Company>] [-mgr <Manager>] [-hmdir <HomeDirectory>] [-hmdrv <DriveLetter>:][-profile <ProfilePath>] [-loscr <ScriptPath>] [-mustchpwd {yes | no}] [-canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] [-acctexpires <NumberOfDays>] [-disabled {yes | no}] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [{-uc | -uco | -uci}] ’
Example command : -示例命令:-
‘ dsadd user “cn=John Smith,ou=SouthEmployees,dc=northwindtraders,dc=com” -disabled no –pwd C^h3Bdo9# -mustchpwd yes -memberof cn=janitors,ou=SouthEmployees,dc=northwindtraders,dc=com -acctexpires never ‘
• For executing the above command through AWS Systems manager console , please refer to the AWS documentation link below for more details: - • 要通过AWS Systems manager console执行上述命令,请参阅下面的 AWS 文档链接以获取更多详细信息:-
https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-S3-PowerShell.html https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-S3-PowerShell.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.