OUga huquqlarni topshirish uchun dsacls

Active Directory-da ma'muriy vakolatlarni topshirish


OUga huquqlarni topshirish uchun dsacls


Download 361.07 Kb.
bet4/4
Sana14.12.2022
Hajmi361.07 Kb.
#1004170
1   2   3   4
Bog'liq
8-ma\'ruza

OUga huquqlarni topshirish uchun dsacls yordam dasturidan foydalanishingiz mumkin . Masalan:
dsacls "ou=users,ou=msk, dc=winitpro,dc=ru" /I:S /G "WINITPRO\HELPDESK:CA;Reset Password;user" "WINITPRO\HELPDESK:WP;pwdLastSet;user" "WINITPRO\HELPDESK:WP;lockoutTime;user
PowerShell-dan foydalanib, tashkilot konteyneriga huquqlarni ham belgilashingiz mumkin (ushbu misolda parolni tiklash huquqlari berilgan):
$ou = "AD:\OU=test,DC=test,DC=com"
$group = Get-ADGroup helpdesk
$sid = new-object System.Security.Principal.SecurityIdentifier $group.SID
$ResetPassword = [GUID]"00299570-246d-11d0-a768-00aa006e0529"
$UserObjectType = "bf967aba-0de6-11d0-a285-00aa003049e2"
$ACL = get-acl $OU
$RuleResetPassword = New-Object System.DirectoryServices.ActiveDirectoryAccessRule ($sid, "ExtendedRight", "Allow", $ResetPassword, "Descendents", $UserObjectType)
$ACL.AddAccessRule($RuleResetPassword)
Set-Acl -Path $OU -AclObject $ACL
Xuddi shunday, PowerShell-dan foydalanib, siz AD tashkiliy konteynerlariga boshqa huquqlarni topshirishingiz mumkin.
Download 361.07 Kb.

Do'stlaringiz bilan baham:
1   2   3   4



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling