[英]PowerShell Import CSV to add Active Directory Security Groups
[英]PowerShell: How to add 1 user to multiple Active Directory Security Groups - Security tab of the security group with write permission
我正在尝试向 Active Directory 中的多个安全组添加 1 个 ID。 该ID只需添加到安全组的“安全选项卡”中,无需添加为成员。
我需要为此 ID 设置“写入”权限。
无论如何在Power-Shell中执行此操作?
有说明这里,虽然给出了组(包括权利删除)的用户完全控制,并有一些其他的问题(如硬编码的用户名)。
我已经为您修改了该示例,仅授予GenericWrite
权限,并接受用户名作为参数。 这还假设您运行它的用户、组和计算机都在同一个域中:
function Set-GroupSecurity {
[CmdletBinding()]
param (
[string] $GroupName,
[string] $UserName
)
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $dom.GetDirectoryEntry()
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(&(objectclass=group)(sAMAccountName=$GroupName))"
$search.SizeLimit = 3000
$result = $search.FindOne()
$object = $result.GetDirectoryEntry()
$sec = $object.ObjectSecurity
## set the rights and control type
$allow = [System.Security.AccessControl.AccessControlType]::Allow
$read = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$write = [System.DirectoryServices.ActiveDirectoryRights]::GenericWrite
## who does this apply to
$domname = ([ADSI]"").Name
$who = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList "$domname", $UserName
# apply rules
$readrule = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $who, $read, $allow
$sec.AddAccessRule($readrule)
$writerule = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $who, $write, $allow
$sec.AddAccessRule($writerule)
# tell it that we're only changing the DACL and not the owner
$object.get_Options().SecurityMasks = [System.DirectoryServices.SecurityMasks]::Dacl
# save
$object.CommitChanges()
}
您可以将其粘贴到 PowerShell 提示符中并按 Enter。 这将使该功能可用。 然后你可以像这样使用它:
Set-GroupSecurity -GroupName "TstGroup1" -UserName "someone"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.