stackoom
  简体   繁体   中英

I want to execute a run command as a domain user belonging to Active Directory

 原文  2022-03-05 13:32:28       amazon-web-services/ powershell/ active-directory/ aws-ssm

Question

I use AWS-RunPowerShellScript in system manager.

At that time, we would like to add an AD user using the dsadd-user command. But this will result in an error because I don't have access permissions.

Because I believe that the command is executed as a local user named ssm-user .

I want to run the command as a user belonging to Active Directory - is it possible?

1 answers

solution1
 0  2022-03-07 13:08:33

• Yes, it is possible to run the command as a user belonging to Active Directory for adding an AD user using the 'dsadd-user' command. For that purpose, you will have to ensure that this command is executed with elevated (domain administrator or local administrator) privileges . Also, ensure that the system from which the command is executed is a domain joint system . Most probably, I would suggest you to execute the below commands on a domain controller .

Command for adding a user to Active Directory : -

 ‘ dsadd user <UserDN> [-samid <SAMName>] [-upn <UPN>] [-fn <FirstName>] [-mi <Initial>] [-ln <LastName>] [-display <DisplayName>] [-empid <EmployeeID>] [-pwd {<Password> | *}] [-desc <Description>] [-memberof <Group> ...] [-office <Office>] [-tel <PhoneNumber>] [-email <Email>] [-hometel <HomePhoneNumber>] [-pager <PagerNumber>] [-mobile <CellPhoneNumber>] [-fax <FaxNumber>] [-iptel <IPPhoneNumber>] [-webpg <WebPage>] [-title <Title>] [-dept <Department>] [-company <Company>] [-mgr <Manager>] [-hmdir <HomeDirectory>] [-hmdrv <DriveLetter>:][-profile <ProfilePath>] [-loscr <ScriptPath>] [-mustchpwd {yes | no}] [-canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] [-acctexpires <NumberOfDays>] [-disabled {yes | no}] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [{-uc | -uco | -uci}] ’

Example command : -

‘ dsadd user “cn=John Smith,ou=SouthEmployees,dc=northwindtraders,dc=com” -disabled no –pwd C^h3Bdo9# -mustchpwd yes -memberof cn=janitors,ou=SouthEmployees,dc=northwindtraders,dc=com -acctexpires never ‘

• For executing the above command through AWS Systems manager console , please refer to the AWS documentation link below for more details: -

https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-S3-PowerShell.html

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Error while connecting to Active directory domain controller "An active directory domain controller could not be contacted" how can i adjust the password profile of a user while iam creating it on azure active directory Is it possible to choose the S3 directory I want to store my pipeline run files? Java Spring - Active Directory- How can I Get AD User Details (telNumber, full name, mail , address, description)? How use User Delegation SAS Or Azure RBAC to grant permissions on storage account containers for azure active directory B2C users (Custom Domain)? i want to change my wordpress pod domain name Power Apps Portal Liquid - List Active Directory User Groups Reading user IP address with API Connector in User Flows in Azure Active Directory B2C WSO2 Identity Server User Portal and Active Directory Azure Active Directory B2C with Azure Front door auth response uses wrong domain
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM