如何在 Powershell 中模拟 Active Directory 用户?
时间:2022-11-20问题描述
我正在尝试通过 Web 界面 (ASP.NET/C#) 运行 powershell 命令,以便在 Exchange 2007 上创建邮箱/等.当我使用 Visual Studio (Cassini) 运行页面时,页面正确加载.但是,当我在 IIS (v5.1) 上运行它时,出现错误未知用户名或密码错误".我注意到的最大问题是 Powershell 是作为 ASPNET 而不是我的 Active Directory 帐户登录的.如何强制我的 Powershell 会话使用另一个 Active Directory 帐户进行身份验证?
I'm trying to run powershell commands through a web interface (ASP.NET/C#) in order to create mailboxes/etc on Exchange 2007. When I run the page using Visual Studio (Cassini), the page loads up correctly. However, when I run it on IIS (v5.1), I get the error "unknown user name or bad password". The biggest problem that I noticed was that Powershell was logged in as ASPNET instead of my Active Directory Account. How do I force my Powershell session to be authenticated with another Active Directory Account?
基本上,我到目前为止的脚本看起来像这样:
Basically, the script that I have so far looks something like this:
RunspaceConfiguration rc = RunspaceConfiguration.Create();
PSSnapInException snapEx = null;
rc.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.Admin", out snapEx);
Runspace runspace = RunspaceFactory.CreateRunspace(rc);
runspace.Open();
Pipeline pipeline = runspace.CreatePipeline();
using (pipeline)
{
pipeline.Commands.AddScript("Get-Mailbox -identity 'user.name'");
pipeline.Commands.Add("Out-String");
Collection<PSObject> results = pipeline.Invoke();
if (pipeline.Error != null && pipeline.Error.Count > 0)
{
foreach (object item in pipeline.Error.ReadToEnd())
resultString += "Error: " + item.ToString() + "
";
}
runspace.Close();
foreach (PSObject obj in results)
resultString += obj.ToString();
}
return resultString;
推荐答案
出于安全原因,Exchange 2007 不允许您模拟用户.这意味着(目前)无法通过模拟用户来创建邮箱.为了解决这个问题,我创建了一个在 AD 用户下运行的 Web 服务,该用户有权创建电子邮件帐户等.然后您可以访问此 Web 服务以访问 powershell.请记住添加必要的安全性,因为这可能是一个巨大的安全漏洞.
Exchange 2007 doesn't allow you to impersonate a user for security reasons. This means that it is impossible (at the moment) to create mailboxes by impersonating a user. In order to get around this problem, I created a web service which runs under AD user which has permissions to create email acounts, etc. You can then access this webservice to get access to powershell. Please remember to add the necessary security because this could potentially be a huge security hole.
这篇关于如何在 Powershell 中模拟 Active Directory 用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!
相关文章
如何确定帐户的类型(AD 用户与 AD 组)?How to determine the type (AD User vs. AD Group) of an account?(如何确定帐户的类型(AD 用户与 AD 组)?)- 如何解决“服务器不支持控件.控制至关重要."活动目录错误How to resolve quot;The server does not support the control. The control is critical.quot; Active Directory error(如何解决“服务器不支持控件.控制至关
- 如何知道我的 DirectoryEntry 是否真的连接到我的 LDAP 目录?How to know if my DirectoryEntry is really connected to my LDAP directory?(如何知道我的 DirectoryEntry 是否真的连接到我的 LDAP 目录?)
- 将成员从受信任的域添加到 AD 组Add member to AD group from a trusted domain(将成员从受信任的域添加到 AD 组)
- 检查 Active Directory 密码是否与 cookie 不同Check if Active Directory password is different from cookie(检查 Active Directory 密码是否与 cookie 不同)
- Active Directory:DirectoryEntry 成员列表 <>GroupPrActive Directory: DirectoryEntry member list lt;gt; GroupPrincipal.GetMembers()(Active Directory:DirectoryEntry 成员列表 lt;gt;GroupPrincipal.GetMembe
最新文章
- 我使用哪个 Active Directory 字段来唯一标识用户?
- LDAPS 连接出现未知错误 (0x80005000)
- 如何在 C# 中转义字符串,以用于 LDAP 查询
- LDAP - 检索所有属性/值的列表?
- Active Directory:检索用户信息
- ASP.NET Active Directory 成员资格提供程序和 SQL 配置文件提供程序
- 如何从 Active Directory 获取用户的电子邮件地址?
- 获取 Active Directory 组的成员并检查它们是启用还是禁用
- 如何在 C# 中将图像文件上传到 Active Directory 用户配置文件?
- 如何在 ASP.NET 中列出 Windows 用户和组?