hadi-soltani
Translated by Amir Rajabi
Exam 70-640
Windows Server 2008 1392
1
Active Directory Domain Services
. (User Account) .
Active Directory Domain Services 2008 Active Directory Domain Controller DC forest Active Directory . Active Directory
Active 2008. Directory .
. DC Active Directory forest 8 . contoso.com DC
"Authentication" 11 "Domain Controllers" 11 "Domains and Forests" forest forest 11 . 2008 "Active
Directory Lightweight Directory Services" 11 "Active Directory Certificate Services and Public Key Infrastructures" 11 "Active Directory Rights Management Services" 11 "Active Directory
Federation Services" Active Directory Active Directory Lightweight Directory Active Directory Certificate Services and Public Key Infrastructures Active Directory Rights Management Service
Active Directory Federated Services
Active Directory o forest
1 :Active Directory Domain Services 1 : Active Directory Domain Services Server Core
:
. 2008 http://technet.microsoft.com/en- . 2008
us/windowsserver/2008/bb414778.aspx 512 . MB 10 GB . GHz 1.4 11 GHz 1 21
. . ) ( : 2008
http://www.microsoft.com/windowsserver2008
DC Identity and Access . . DC
. DC 2008 .
. ( Server Core2008 (Server Core .
. 2008 DC .
http://technet.microsoft.com/en-us/windowsserver/2008/bb414778.aspx
http://www.microsoft.com/windowsserver2008
identity and 2008 DC access
Active Directory Domain Services: 1 Active Directory Domain Services (AD DS) Identity and Access (IDA . (
. 2008 Active Directory AD DS Active Directory Domain Server Manager Services . IDA Active Directory .
:
Identity and Access . Active Directory DC AD DS .
11 : Active Directory Identity and Access
IDA . IDA Active Directory : IDA . e-mail
. .
( Security Subsystem. ) ( ACL ) . ACL
. . ( Identity Store. ) ( SID )
IDA . Active Directory . DC . AD DS DC
. . IDA
( Authentication )
Active Directory Kerberos . Kerberos Active Directory
Domain Kerberos TGT (Ticket Granting Ticket . ( DC TGT Kerberos
. Service Ticket DC . Service Ticket.
. Kerberos . Service Ticket TGT
. Kerberos IDA .
. ACL.
. . IDA
(Audit) IDA .
AD DS IDA 2008. 2008 Active Directory . IDA . 1-1 .
Active Directory
Active Directory 1-1
Active Directory Domain Services(Identity) AD DS Object ) AD DS .
Management )Group Policy . AD DS
Active AD DS . AD DS . Directory 12 1 . 2008 AD
DS . "Chapter 3:Designing the Active Directory" Active Directory
net.com/Documents/007222343x_ch03.pdf-http://www.reso Windows Server 2003 Best Practices for Enterprise Deployments
AD DS
Windows Server 2008: The Complete Active Directory Domain Services Reference Ruest Ruest (McGraw-Hill Osborn. )
http://www.reso-net.com/Documents/007222343x_ch03.pdf
Active Directory Lightweight Directory Services (Applications)AD LDS Active Directory Active Directory Application Mode (ADAM) . core AD DS AD LDS . Directory-enabled
code . AD LDS . . DC
AD LDS schema schema AD DS AD LDS .
SSL (schema Lightweight Directory Access Protocol (LDAP . workgroup AD DS AD LDS . . AD DS AD LDS AD LDS . AD LDS
. 11 AD LDS . AD DS Active Directory Certificate Services (Trust) AD CS Certificate Authority (CA)
(public key infrastructure (PKI CA . . private key
AD CS . VPN )IPSec EFS )
. AD CS . AD CS . CA AD CS
. AD DS AD CS .
. 11 AD CS . Advanced Public Key" PKI
Infrastructures" http://www.reso-net.com/articles.asp?m=8
Active Directory Rights Management Services (Integrity) ACL
(Active Directory Rights Management Services (AD RMS . . (Security Templates)
. .
DC Active Directory AD RMS. AD Microsoft SQL Server 2008 IIS 2 2000
RMS 2008 RMS-enabled IE Microsoft Office Microsoft Word Microsoft Outlook Microsoft Power Point
AD DS AD RMS . . 11 AD RMS . AD CS
Active Directory Federation Services (Partnership)AD FS IDA
. .
AD FS . (single sign-on(SSO AD DS
Secure) 443 (HTTP)80 TCP/IP AD FS . HTTP) (HTTPS) AD DS . AD FS perimeter AD CS( Trusted ) AD FS.
. 11 AD FS . AD RMS AD LDS AD DS. IDA Active Directory PKI AD CS . AD FS AD RMS .
. Identity and Access
Active Directory IDA .
Active Directory . schema user schema user
. .
1 fine-grained password audit Group Policy . Group Policy Infrastructure 1 Group Policy Settings 8
. ( Replication ) "Sites and Replication"( . Logon Script )
configuration . 11 Active Directory 11 8 .
Active Directory ( Partial attribute set) Global Catalog .
. . Active Directory Services Interface (ADSI) LDAP .
. AD DS Active Directory DNS .
AD DS Active Directory integrated zone 2008 . Active Directory replication services
Active Directory IDA AD DS AD DS 12 . Active Directory .
Active Directory 2008 TechCenter 2008 Active Directory
us/windowsserver/2008/default.aspx-http://technet.microsoft.com/en Active Directory
. DC AD DS . DC SystemRoot%\Ntds% Ntds.dit
domain naming context Schema Configuration global catalog . : . domain
Domain Controllers
http://technet.microsoft.com/en-us/windowsserver/2008/default.aspx
Kerberos Key . AD DS DC Distribution (KDC) 11 . DC .
Domain . . DC
DC identity data . identity store DC .
. account lockout policies password complexity . . DC DC Active Directory . 11 . DC
Forest forest root domain forest. forest Active Directory
instance forest . directory schema instance forest . forest. forest Active Directory
. forest 11 . Tree
. . foresttree DNS antarctica.treyresearch.net treyresearch.net forest treyresearch.net
. namespace )DNS ) treyresearch.net proseware.com DNS . DNS
. forest ) Antarctica Trey Research Active Directory forest 1-1
Antarctica . ( Antarctica . forest Treyresearch.net DNS .
Antarctica.treyresearch.net .
Active Directory forest 1-1
Functional level . forest Active Directory
. : forest AD DS AD DS Windows 2000 native Windows Server 2003 Windows Server 2008 forest :
Microsoft Windows Server 2003 Windows Server 2008 .forest
Windows . AD DS Server 2008
. DC .
Windows Server 2008 DC Windows Server 2008 . forest 11 .
Organizational Unit Active Directory . container . container snap-in )Active Directory Users and Computers . ) container
container Users Computers Builtin . container OU . OU OU . container
GPO . (Group policy objects (GPOs . GPO 1 OU "Administration" 1 . OU
Sites Active Directory .
. . site . DC .
. .
. DC 11 . DC DC
. Active Directory .
. 2008 forest
. Active Directory AD DS DC :
DNS . DNS contoso.com contoso NetBIOS . NetBIOS NT
. DC . forest
2008 DC . Windows Server 2008 .
DNS Active Directory .DNS "Integrating Domain Name System with AD DS" 9 .
. DNS IP DC .IP DC ) static ( . DNS
IP DC . forest DNS DC . DNS . DC DNS
(Account) Administrators . ) Ntds.dit )system volume(SYSVOL) . %SystemRoot%
DC . SYSVOL NTDS C:\Windows .
AD DS . DC
http://technet2.microsoft.com/windowsserver2008/en/library/bab0f1a1- . AD DS 139e8bcc44751033.mspx-9164-4cef-54aa ws Server 2008 Technical LibraryWindo .
AD DS . . AD DS . .
2008 Server .
Manager . 2-1 .Server Manager .
. Server Manager Link )Add Role ) Roles Add Roles . . Add Roles
Server Manager 2 -1 DC
DC AD DS Active Directory Domain Services Dcpromo.exe Active Directory .
Installation .
2008 forest
http://technet2.microsoft.com/windowsserver2008/en/library/bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx
[email protected] : 01
. forest . contoso AD DS forest AD DS . 2008 . contoso.com forest DC Active Directory Domain Services
2008 : 1 . 2008
1. DVD . 2008 . . DVD ISO
. .1 DVD
BIOS DVD . DVD 1 -1 . DVD
.
1 -1 Next keyboard layout language ,regional setting .2
. 11 . 1 -1 . Install Now .1
( .x64 ) 11 ( x86 ) 21
Select The Operating System You Want To Install 1 -1 . Next (Windows Server 2008 Standard (Full Installation .1 . Next I Accept The License Terms .1 . (Custom (Advanced .1 2008 Where Do You Want To Install Windows .8
( extend . ) Driver Options (Advanced) .
. Installing Windows 1 -1 . Next .9 . image 2008 .
.
1 -1
. .
. OK .11 Enter Confirm Password New Password Administrator .11
. : 1
A Z a z 9 0 ! @ # $
. . Administrator . OK .11 2
. TCP/IP
Initial 1 -1 . Administrator .1Configuration Tasks . .
Initial Configuration Tasks 1 -1 : .1
Time Zone : Computer Name :SERVER01 . .
. IP Configure Networking .2 Download And Install Updates .1
. . .1
subnet 10.0.0.20 10.0.0.11 mask . 255.255.255.0
. contoso.com . Network Connections . Configure Networking .11. Local Area Connection . . Change Settings Of This Connection .89. Internet Protocol version 4 (TCP/IPv4) Properties 2008 . TCP/IPv6
. 11. Use The Following IP Address : .
IP Address :10.0.0.11 Subnet Mask :255.255.255.0 Default Gateway : 10.0.0.1 Preferred Dns Server :10.0.0.11
11. OK Close .
Server manager . Add Features Add Roles .11 . . SERVER01
Initial Configuration Tasks . Do Not Show This Window At Logon .12
. oobe.exe . Close .11
. 2008 . Server Manager .
. snapshot snapshot
. AD DS 2008. 2008 forest 3
. 1 1 AD DS . Administrative Tools Server Manager .1 . Add Roles. Add Roles Roles Summary .1 . Next .2 . Next Active Directory Domain Services Select Server Roles .1 . Next Active Directory Domain Services .1 . Install Confirm Installation Selection .1
. Installation Progress Roles Summary. Close Installation Page .1
. "x" Server Manager . Active Directory Domain Services . 8 -1 Server Manager Active Directory Domain Services . Dcpromo.exe
Server Manager Active Directory Domain Services 1 -8
2008 forest 4
2008 forest (Active Directory Domain Services Installation (Dcpromo.exe . OK Dcpromo.exe Run .1
AD DS dcpromo Dcpromo.exe . Server Manager AD DS
. AD DS . 11. Active Directory Domain Services
. Next .1 2008 DC Operating System Compatibility .2
. Next Create A New Domain In A New Forest Choose a Deployment Configuration .1
Next . . Next contoso.com Name The Forest Root Domain .1
. NetBIOS DNS . Next 2008 Set Forest Functional Level .1
2008 forest. Details 2008 forest
. 11. 2008 . DNS Server . Additional Domain Controller Options
Active Directory Domain Services Installation DNS AD DS . DC forest global catalog(GC) DC ( RODC. )
. Next .1 IPv6 . IP
IPv6 1 IPv4 IPv4 . .
( ) IP. Yes .8 DNS . . DNS
. 9 . Yes .9. Next SYSVOL Location For Database Log Files .11
. AD DS .
Password Directory Services Restore Mode Administrator Password .11 .. Next. Confirmed Password
. .11 . Back
. Next .12 Reboot On Completion . . AD DS .
Active Directory identity and access . AD DS IDA . AD DS
.
. 2008 AD DS Server Manager .
Dcpromo.exe AD DS DC .
CD . 1
. . " " ) ( DC .1
A. DNS B. NetBIOS C. DHCP IP DC D. DNS
forest . Litware Trey Research .1 2008 DC Trey Research Forest . Litware Litware DC 2003 2008 DC .
. A. forest 2008 2008 Litware B. forest 2003 2008 Litware C. forest 2008 2003 Litware D. forest 2003 2003 Litware
Server Core Active Directory Domain Services: 2 DC
- 2008 . . Server Core -
Server Core Windows Explorer Microsoft .NET Framework . Server Core .
DC( . Local )Server Core . DC .
: . Server Core
Server Core . AD DS .
11 : Server Core
111 2( Server Core) 2008 Server Core .
.
Server Core . .
Server Core . 9 Active Directory Domain Services
Active Directory Lightweight Directory Services (AD LDS)
Dynamic Host Configuration Protocol (DHCP) DNS Streaming Media ( IIS( . )Dynamic )ASP.NET Hyper-V (Windows Server Virtualization) : 11 Microsoft Failover Cluster
Network Load Balancing
UNIX Multipath I/O
) Removable Storage) ( Bitlocker) Simple Network Management protocol(SNMP)
Windows Internet Naming Service(WINS)
Telnet ) QOS) Server Core
Server Core . 1 1 Server Core Server Core 9-1 ) )Windows Explorer .
Administrator . Administrator DVD 2008
.
Install Windows Operating Systems 1 -9
Initial Configuration Tasks 2008 1-1 . Server Core
?/ . .
Server Core 1-1 Ctrl+Alt+Del Administrator
. :
Net user administrator Netsh interface ipv4 1 IP
Cscript c:\windows\system32\slmgr.vbs (Activate) ato
Netdom Server
Core Ocsetup.exe
.
Oclist.exe
Remote Desktop Cscript c:\windows\system32\scregedit.wsf /AR 0
DC Dcpromo.exe DNS Dnscmd.exe DFS Dfscmd.exe
. AD DS . Server Core Ocsetup.exe . Dcpromo.exe AD DS
Server Core AD DS Dcpromo.exe AD DS Server Core AD DS
. ?/ Dcpromo.exe . dcpromo.exe /?:promotion : DC .
-8535-46fb-402d-http://technt2.microsoft.com/windowsserver2008/en/library/bcd896598da1feb8d4111033.mspx .
Server Core AD DS " Server Core DC " 2 .
DC DC . DC . Dcpromo.exe DC . Active Directory
DC . AD DS DC DC dcpromo.exe /?:demotion Server Core .
DC Administrator AD DS .
Server Core DC . 1 forest contoso.com DC
. 1 . DC Server Core DC Server Core 1
. Server Core 1. DVD . 2008
. . DVD ISO . .1
DVD DVD . DVD BIOS . DVD
Next keyboard layout language ,regional setting .2. . Install Now .1 . Next (Windows Server 2008 Standard (Server Core Installation .1 . Next I Accept The License Terms .1 . (Custom (Advanced .1
http://technt2.microsoft.com/windowsserver2008/en/library/bcd89659-402d-46fb-8535-8da1feb8d4111033.mspx
2008 Where Do You Want To Install Windows .8 Driver ( extend . )
Options (Advanced) . . Next .9 . Administrator . .11 Confirm New Password Administrator . .11
Password Enter . : 1
A Z a z 9 0 ! @ # $
. . Administrator . OK .11
Server Core 2 . TCP/IP
. netdom renamecomputer %computername% /newname:Server02 .1"Y" . . Ipv4 .1
Netsh interface ipv4 set address name="Local Area Connection" Source=static address=10.0.0.12 mask=255.255.255.0 Gateway=10.0.0.1
Netsh interface ipv4 set dns name="Local Area Connection" Source=static address=10.0.0.11 primary
. ipconfig /all IP .2 . shutdown /r /t 0 .1 . Administrator .1 . netdom join %computername% /domain:contoso.com .1 . Administrator shutdown /r /t 0 .1 . oclist .8
.DNS-Server-Core-Role : DNS . Enter ocsetup .9
. Server Core ! . OK .11 ocsetup DNS-Server-Core-Role .11
. . DNS oclist .11
Server Core DC 3 . Server Core AD DS Dcpromo
. Enter ?/ Dcpromo.exe .1 .
. Enter dcpromo.exe /?:Promotion .1 .
: AD DS .2
Dcpromo /unattend /replicaOrNewDomain:replica /replicaDomainDNSName:contoso.com /Confirmgc:Yes /Username:CONTOSO\Administrator /Password:* /safeModeAdminPassword:P@sword
. OK contoso Administrator .1 . AD DS
DC 4 . Server Core AD DS
. Server Core Administrator .1 password dcpromo /unattend /AdministratorPassword:password .1
Administrator ( Strong ) AD DS . Enter .
2008 Server Core Server Core 2008
. Server Core . Ocsetup.exe Server Core AD DS . AD DS
Dcpromo.exe . DC Dcpromo.exe /unattend .
CD . 1
. contoso.com DC. SERVER02 Administrator .1
. DC . Server Core A. Administrator B. Domain Admins C. Domain Controllers D. DNS
1. SERVER02 Server Core . AD DS . Active Directory Certificate Services(AD CS) .
A. AD CS . B. AD FS . C. AD RMS . D. Windows Server 2008 (Full Installation) .
Active Directory Users And Computers AD DS Active Directory IT . OU
. " " 1 . :
. Active Directory
SERVER01 . 2008 . 1 . contoso.com DC
OU Active Directory Users and Computers snap-in . .
. snap-in( MMC (Microsoft Management Console
. . OU
" Active Directory "
Active Directory snap-in: 1 . Active Directory snap-in
. Active Directory snap-in .
MMC . MMC Administrative Tools ( . Windows Explorer . )
. 1-1 . Actions Show/Hide Action Pane Show/hide Console Tree
Customize View . . snap-in
MMC ) snap-in . ( . snap-in Administrative Tools . MMC Computer Management . Task Scheduler Event Viewer Services
Computer Management . . Task Scheduler Event Viewer Services
Actions . actions MMC Action .
. Actions .
MMC 1 -1 : . MMC
. user . . .
Active Directory . snap-in Active Directory
Active Directory Users and Computers . Active Directory .
Active Directory Site and Services ."Site and Replication" 11 .
Active Directory Domains and Trusts trust forest . "Domains and Forests" 12 .
Active Directory Schema Active Directory . schema Active Directory . . . Server . AD DS Active Directory
Manager Active Directory Users and Computers Active Directory Sites and Services features RSAT DC Active Directory.
Server Manager 1 . 2008 .
Active Directory . Server Manager Roles and Active Directory Domain Services
Administrative . Administrative Tools Tools Home System and Maintenance . Administrative Tools
. Administrative Tools .
. Properties .1 . Customize .1
details pane
Show/Hide console tree Show/Hide actions pane
Console tree Actions pane
Display On The System Administrative Tools .2All Programs Menu And The Start Menu Display On The All Programs Menu .
. Display Administrative Tools . OK .1
.
. . Administrator .
. Run As Administrator . Run As Administrator MMC User Account 1-1 . Shift
Control .
. Account Control 1 -1 . .1 . OK .1 .
properties .Advanced Run As Administrator . . User Account Control
Active Directory snap-in
. : MMC
.
. . .
mmc.exe Start Search . MMC MMC Add/Remove Snap-in File . Enter . " MMC " 2 "MMC " 1 " MMC " 1
.
Option File . User author .
User . User . . User-Full Access .
User-Limited Access ( Multiple WindowSingle Window ( .
Author User .
Administrative Tools . msc. Start Menu .
:%userprofile%\AppData\Roaming\Microsoft\Windows\StartMenu .
Start Menu .
. access-denied .
. .
. USB . mmc.exe
. RSAT snap-in . snap-in
. User . Author .
MMC
. . MMC .
MMC 1 Computer Active Directory Users And Computers Active Directory Schema
Management MMC . Active Directory DC . . SERVER01 Administrator .1 . Enter mmc.exe Start Search .1
MMC . 1 -2 Add Or Remove Snap-ins . Add/Remove File .2
.
Add Or Remove Snap-ins 1 -2 . RSAT
Active Directory Users And Available Snap-ins Add Or Remove Snap-ins .1Computers .
Active Directory . Selected Snap-ins Add .1Schema AD DS RSAT .
. OK .1 . cmd.exe Start Search .1 Active DLL . regsvr32.exe schmmgmt.dll .8
Directory Schema . . . OK. .9 . Active Directory Schema 1 1 .11 . File Add/Remove Snap-in .11
Computer Management Available Snap-ins Add Or Remove Snap-ins .11 .
1 -1 . Add .12 .
1 -1
Local Computer . Another Computer .
. Browse 11. Another Computer SERVER01 . . Finish .11 . OK .11 . MyConsole.msc .11 . .18
MMC 2 DC 1 Event Viewer
. . MyConsole.msc .1 . Add/Remove Snap-in File .1 . Event Viewer Available Snap-ins Add Or Remove Snap-ins .2 . Add .11. Another Computer SERVER01 . . OK .1
. OK .1 . .8
MMC 3 . extension .
1. MyConsole.msc . . Add/Remove Snap-in File .1 . Event Viewer Selected .2 . Move Up .11. Active Directory Schema . . Remove .1 . Computer Management Selected .1 . Extension. Edit Extensions .89. Enable Only Selected Extensions . 11. Event Viewer . . OK .11 . .11
4 . user
. MMC 1. MyConsole.msc . . Options File .1 . User Mode Full Access Console Mode .2 . OK .1 . .1 . .1 . Add/Remove Snap-in. File .1 . .8 . Author .9 . Add/Remove Snap-in author File .11 . .11
MMC . Active Directory Users And Computers
Administrative Tools Server Manager Active Directory .
. . Run As Administrator
MMC . .
user .
Active Directory Users. Contoso, Ltd .1
and Computers . Access Denied . .
A. Server Manager . B. dsa.msc . C. Run As Administrator .
. D. . DSMOD USER
P .
Active Directory: 2 Active Directory
. OU . . . OU
Active Directory Active Directory " Active Directory "
. .
: OU OU Active Directory Users and Computers
11 :
( OU(Organizational Unit OUcontainer Active Directory OU . OU .
OU . . .
OUcontainer . : OU
1. Active Directory Users and Computers snap-in Organizational New OU OU Domain .1
Unit . OU .2 Protect Container From Accidental Deletion .1 . OU . OK .1
. . Properties OU .1
OU . OU Description. Managed By . OU
Select . Name Change . OU User,Contact,Or Group . .
Select User,Contact,Or Group . Groups Object Types Name Managed By .
Managed By. . OU
. OK .1. Protect Container From Accidental Deletion : 2008
OU . OU : Everyone::Deny::Delete Everyone::Deny::Delete Subtree . . . OU
: OU . OU Advanced Features View Active Directory Users And Computers snap-in .1 Properties OU .1 Advanced Features Object . Object .2
. Protect Container From Accidental Deletion .1 . OK .1 . delete OU .1 . Yes . OU .1 OU OU .8
Confirm Subtree Deletion . Yes .
. Active Directory .1. Active Directory Users And Computer snap-in .
container OU( contoso.com ) .1 ( .Users )
. User New container OU .2 . New Object-User 1-1
. First Name .1 . middle Initials .1 . Last Name .1 Full Name . Full Name
CN . CN OU container . OU container.
. Full Name
New Object - User 1 -1 User Logon Name .1
. @ UPN( User Principal Name ) ( ) Active Directory
. Smith-Bates O'Hara
Active Directory Domains And Trusts UPN . . Properties snap-inActive Directory Domains And Trusts .
Active Directory DNS . UPN Suffixes .
1111 (User Logon Name (Pre-Windows 2000 .8 .
"" 2 . Next .9
. Confirm Password Password .11 . User Must Change Password At Next Logon .11
IT .
. .
. Next .11 . finish .12
. New Object User . Active Directory
. . Properties .11 . .11
" " 8 2 . .
OK .11 .
. .
. :
1. Active Directory Users And Computers snap-in . container OU( contoso.com . ) .1
. . Group New OU container .2 . Group Name .1
. . . 2000
. (Group Name(Pre-Windows 2000 .1 . .1
o Security . .
. Distribution
New Object - Group 1 -1
( .Group Scope ) .1o Global o Domain Local
. . o Universal .
. "" 1 Interim Mixed
Security Domain Local Global 12 . . "Forests " . OK .8
. . Properties .9 . .11
. Member Of Members
. 1 . Active Directory Users And Computers snap-in Description
. . Notes . Name Change . Managed By
,Select User . Groups Object Type Contact, Or Group .
. Name Managed By Managed By
Manager Can Update Membership List . . Name
(Delegation . 2 . ( . OK .11
. Active Directory
. ( Join ) (. Desktop101$)
: Active Directory . 1. Active Directory Users And Computers snap-in . container OU( contoso.com . ) .1
( .Users ) . Computer New OU container .2 .. Computer Name .1
. ( Computer Name (Pre-Windows 2000 . (Computer Name(Pre-Windows 2000 .1 Domain Admins . User Or Group .1
. Change . .
. "" 1 join . Assign This Computer Account As A Pre-Windows 2000 Computer
. NT 4.0
New Object - Computer 1 -1
OK .1 .
. Properties .8
. .9 .
) ( Description .
Active Directory Users And Computers snap-in Description .
DNS Name DC Type Site . Operating System Name Version Service Pack .
. . Name Change . Managed By
,Select User . Groups Object Type Contact, Or Group . Managed By . Managed By . Name
. . . OK .11
Active Directory . Active Directory
: . Active Directory o . o .
. o ) Linked Properties . )
Managed By . . Managed By .
o Active Directory . Active Directory
. . Active Directory Users And Computers
Active Directory Users And Computers . View Add/Remove Columns .
. User Logon Name ) OU
. Type( .
Last . Windows Explorer . Name .
DN . . Active Directory Users And Computers Saved Queries 2003
. : OU Active Directory Users And Computers .1
Server Manager Active Directory Users And Computers
Active Directory Users And Computers .
Query New Saved Queries .1 .2 . Description .1 Browse .1
. OU .
Define Query .1 Find Common Queries .1
. . OK .8
Active Directory Users And Computers (dsa.msc ( .
. ( import( )export) XML
. Last Name .
OU OU OU Last Name . .
. . .
http://www.petri.co.il/saved_queries_in_windows_2003_dsa.htm
Select Users, Contacts, Computers, Or Groups ,Select Users
Contacts, Computers, Or Groups . 8-1 Select . Properties Members . Add
Select Users, Contacts, Computers, Or Groups 1 -8 . Enter The Objects Names To Select OK . 8-1 ";" Check Names . . 9-1
Check Names 1 -9 OK . dan jfine 8-1 . . Check Names
Dan . 9-1 jfine Multiple Names Found . 11 -1 OK .
. 9 -1
Multiple Names Found 1 -11 . Select
. Location ( Local)
( Select Users, Contacts, Computers, Or Groups) Select . . Managed By . . Select .
Object Types 11 -1 Objects Types OK . -1 . Select Advanced 11 Common Queries . . Object Types .
Object Types 1 -11
Select 1 -11
Find . Active Directory Active Directory Find Objects In Active Directory Domain Services
Users And Computers 12 -1 . . Find
. In .
. In Find .
Find 1 -12
. . Custom Search Find . OU " *OU=*main " . LDAP Advanced OUDomain controllers . "main" . Domain "main"
. ( wildcard)
. Find Now . Properties Move Delete Add Printer Wizard . Search Active Directory . . OpenQueryWindow rundll dsquery .
Dsquery Active Directory Users And Computers Dsquery . DS "DS"
DS . ?/ dsquery.exe . DS dsquery userdsquery computerdsquery group .
dsquery ou OU . description . name . . ( samid-) 1111 . (desc-) . ?/ dsquery objecttype *dsquery user name jam "jam" name .
dsquery. .. 1 "*" . DN 11 -1
Dsquery 1 -11 o samid . o DN . o upn 1111
CNDNRDNDN Active Directory . Active Directory DN . DN CN=James Fine,OU=People,DC=contoso,DC=com James Fine DN top-level DNS . CN
common name Full Name CN .OU OU DC . RDN (relative distinguished name (RDN container OU DN DNOUPeople . CN RDN .CN=James Fine
OU=People,DC=contoso,DC=com RDN OU=People.
. container RDN DN : . CN OU . . DNs Active Directory . .
Active Directory OU . Active Directory
. . .
OU 1 Users and Computers container Active Directory .
OU . OU . OU. contoso.com . SERVER01 Administrator .1 . Active Directory Users And Computers .1 . Domain .2 . Organizational Unit New Domain .1 . People OU .1 . Protect Container From Accidental Deletion .1 . OK .1 . Properties OU .8 . Non-administrative user identities Description .9 . OK .11 . OU 11 1 .11
OU OU Clients Client computers
Groups Non-administrative groups
Admins Administrative identities and groups
Servers Servers
2 . OU Active Directory Users And Computers Server01 Administrator .1
. . People OU " " .1
. . People OU( contoso.com ) Domain .2
. User New People OU .1 . Dan First Name .1 . Holme Last Name .1 . dholme User Logon Name .1 . dholme (User Logon Name (Pre-Windows 2000 .8 . Next .9 . .11 . User Must Change Password At Next Logon .11 . Next .11 . Finish .12 . Properties .11 . . Properties .11 . OK .11 . People OU 11 2 .07
James Fine
o First name: James
o Last name: Fine
o Full name: James Fine
o User logon name: jfine
Barbara Mayer
o First name: Barbara
o Last name: Mayer
o Full name: Barbara Mayer
o User logon name: bmayer
o Pre-Windows 2000 logon name: bmayer
Barbara Moreland
o First name: Barbara
o Last name: Moreland
o Full name: Barbara Moreland
o User logon name: bmoreland
o Pre-Windows 2000 logon name: bmoreland
. People OU 11 2 .18 .
. Admins OU 11 2 .19 . admin_ .
3 OU . join
. . 1
Active Directory Users And Computers Server01 Administrator .1 .
. Servers OU ( contoso.com ) Domain .1 . Computer New Servers OU .2 . FILESERVER01 Computer Name .1 . (Computer Name (Pre-Windows 2000 .1 . . User Or Group Field .1 . OK .1 . Properties .8 . .9 . OK .11 . 8 2 .11
SHAREPOINT02
EXCHANGE03
. Clients OU 8 2 .11 DESKTOP101
DESKTOP102
LAPTOP103
4 . OU . Active Directory Users And Computers Server01 Administrator .1
. . Groups OU( contoso.com ) Domain .1 . Group New Groups OU .2 . Finance Group Name .11. Group Type Security . 1. Group Scope Global . . OK .1 . Properties .8 . . .9 . OK .11 : Groups OU global 8 2 .11
o Finance Managers
o Sales
o APP_Office 2007
: Admins OU global 8 2 .11o Help Desk
o Windows Administrators
5 .
. Select . Active Directory Users And Computers Server01 Administrator .1
. . Admins OU Properties .1 . Member Of .2 . Add .1 . Domain Admins Select Groups .1 . OK .1 . OK .1 . Admins OU Help Desk Properties .8 . Members .9 . Add .11 . Barb Select .11 . Check Names .1112. Barbara Mayer OK . . OK .11 . OK .11 . Groups OU APP_Office 2007 Properties .11 . Members .11 . Add .18 . DESKTOP101 Select .19 . Check Names .11 . Name Not Found Cancel .11 . Object Types Select .1112. Computers OK . . Check Names .11 . OK .11
Active Directory 6
. .
Active Directory Users And Computers Server01 Administrator .1 .
. Find Objects In Active Directory Domain Services .1 . contoso.com In .2 . Barb Name .1 . Find Now .1 . Barbara .1 . .1 . Network .8 . Search Active Directory .9 . 1 2 .11 New Saved Queries Active Directory Users And Computers .11
. Query . All Users Name .11 . Users for the entire domain Description .12 . Define Query .11 . Has A Value Name Users .11 . OK .1111. View Add/Remove Columns . . Add Available Last Name .18 . Remove Displayed Type .19 . OK .11 . Description Name Last Name .11 . Last Name .11
OU container .
OU. .
. Properties.
Description Managed By Notes .
OU . View Advanced Features . Properties OU Object
.
OU Dsrm. elevated .1
Dsrm Failed: Access. James Is Denied .
A. Administrators . B. Administrators OU . C. ( owner . ( D. OU .
Active Directory (Delegation) : 2 . OU . Administrators
. Administrators . . . Active Directory( ACL) :
Active Directory . Active Directory
(effective ) OU 21:
. . . . Active Directory
.
access control entries (ACEs) ( ) .ACE discretionary access control list (DACL) .DACL ACL
. ( Auditing) ( SACL) . Active
Directory . . Active Directory ACL
ACL Active Directory . ACL : Active Directory Users And Computers .1 View Advanced Features .1 Properties .2 Security .1
. Properties Security Advanced Features . 11 -1 Properties Security
Active Directory Properties Security 1 -11 Advanced .1
Security
. Active Directory Advanced Advanced Security Settings .
11 -1
1 -11 Advanced Security Settings ACE . DACL Permission . DACL ACE . . ACE
. Edit entry entry ACE .1 11 -1 entry ACE Permission Entry .
Permission Entry 1 -11
DACL 11 -1 . .
. . . . . reset . reset . . ACEAllow::Modify Permissions . . ( Child) .
OU ACEAllow::Create Computer Objects. OU . . Apply To Properties Object
Advanced Security Settings . James Fine Delegation . DACL ACE
Of Control OUUsers . ACTIVE DIRECTORY USERS AND COMPUTERS .1 Advanced Features View .1
Properties .2 Security .1 Advanced .1 Add .1
Add Edit .
. Select .1 . .
. OK .8 . Permission Entry
. .9 . Allow::Reset Password Object . OK .11
.
OU . OU . OU OU .
. container OU. OU container . . Include Inheritable Permissions From This Object's
Parent 11 -1 . . . OU Apply To .
Permission Entry . : . ( container OU ) : Advanced Include Inheritable Permissions From This Object's Parent : .
Security Settings . . . . ( explicit)
explicit . explicit . ( deny) ( .allow) . . explicit
Delegation Of Control Permission Entry DACL . . Delegation Control . . ACTIVE DIRECTORY USERS AND COMPUTERS .1 Delegation Control ( OU ) .1
. . OU .
. . Next .2 . Add Users or Groups .1 . OK Select .11. Next . . Force Password Reset User Passwords . Tasks To Delegate .1
Change at Next Logon . . Next .8 ACE . Finish .9
. . Advanced Security Settings and Permission Entry DACL . DN . Dsacls.exe : OUPeople .
Dsacls.exe "ou=people,dc=contoso,dc=com" : syntax . dsacls
Dsacls.exe /?
Advanced .
Security Settings Permission Entry . Advanced Security Settings Restore Default . schemaActive Directory
s/ Dsacls. DACL explicit . . t/
OUPeople : Dsacls "ou=people,dc=contoso,dc=com" /resetdefaultdacl
(effective) explicit ACE OU . . Allow::Reset . explicit ACE
. ACE . .
. . .
. ( deny) . . . . . .
. explicit . explicit .
explicit Advanced Security Settings Effective Permissions . Dsacls . . . Active Directory Windows: .
Administration Resource Kit:Productivity Solutions for IT Professionals ) (.1118
OU containerOU (visibility) . : . OU PeopleOU . OU . OUPeople . .
. OUPeople . .
. Admins OU . . OUPeopleOU . OUClients . Server Administration OUServers Active Directory . OU Active Directory . OU. OU . OU OUClients .
. . . OU
. Active Directory. 1 ActiveACL contoso.com
Directory " 1 . Active Directory" .OU .
1 . OUPeople .Active Directory Users And Computers SERVER01Administrator .1
Delegate Control OUPeople( contoso.com) Domain .1 .Delegation Of Control
. Next .2 . AddUsers Or Groups .1 . OKHelp Desk Select .1 . Next .1 Reset User Passwords And Force Password Change At Next LogonTask To Delegate .1
. . Next .8 . Finish .9 2 . . Active Directory Users And Computers SERVER01Administrator .1 . Properties OUPeople .1
Advanced Features. Security . Properties Security
. Properties OK .2 . Advanced Features View .1 . Properties OUPeople .1 . Security .1 . Advanced .1 . Help Desk Permission Entries .8 . Edit .9 . OK Permission Entry .11 . Help Desk 11 8 .11 Help Desk 11 1 OUPeople ACL .11
. . Enter dsacls "ou=people,dc=contoso,dc=com" .12 . Help Desk .11 Active Directory
. ACE DACLActive Directory . DACLAdvanced Security Settings Properties . Delegation of Control ACL . Advanced Security Settings Dsacls/resetDefaultDACL
. OU .OUOU . explicit
. explicit .
explicit . explicit .
. reset .1A. Delegation of Control Wizard B. DSACLS C. DSUTIL D. Advanced Security Settings
2
identity and access (Active Directory Domain Services(AD DS " " 1
. identity . .
. " " 1
. . Microsoft Windows PowerShell .
. .
Windows PowerShell Microsoft Visual Basic Script (VBScript) .
. .
Active Directory
o Active Directory o Active Directory :
: 1 1 :Windows PowerShell VBScript : 2
. contoso.com DC SERVER01
. 1
. . .
. .
. .
: 1 . Active Directory Users And Computers 1
1 . .
: ( Templates. ) CSVDE LDIFDE
21 :
. ( home folders ) ( roaming )
. .
. NT 4.0 .
.
.. Copy Object User . Copy
. Properties .
: . General . Address .
. Account ) home drive )
. Organization . Member Of . .
Active Directory Users And Computers . assistant division
Active . ( employee ID( )employee type)Directory Users And Computers View Advanced Features .
. Attribute Editor Properties assistant division.
.
Active Directory schema . 827832 Knowledge Base .
http://support.microsoft.com/kb/827832 . .
(DS) Comma-Separated Values Data Exchange (CSVDE) LDAP Data Interchange Format Data Exchange (LDIFDE) Windows PowerShell
. .
Active Directory DS . DS . Dsquery.exe 1
: 2008 Dsadd Dsget Dsmod Dsmove OU container Dsrm Dsquery
o DN. dn user principal samid dn, rdn, upn name(UPN) dn (rdn )pre-Windows 2000 logon names(security account manager ID) .
. DN DS : Mike Fitzmaurice
Dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com"
) DN . DN . user Mike Fitzmaurice )DN : .
Dsrm "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com"
Dsmod.exe Dsquery.exe Dsget.exe DS . DN .
. Dsget user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com" -hmdir
Active hmdir DS Directory Users And Computers .
Dsadd DSADD USER UserDN. Active Directory
. :
Dsadd user "user dn" -samid pre-windows 2000 logon name -pwd {password | *} -mustchpwd yes
. "*". pwd mustchpwd .
DSADD USER . DSADD. company email -profile
USER : DSADD USER /? Help And Support Center 2008 .
. SAM ID $username$ -webpg -email -hmdir -profile DSADD USER
: -hmdir \\server01\users\$username$\documents
CSVDE
Active Directory (comma-delimited comma-separated csv . (
. Microsoft Office Excel Notepad CSVDE Access Excel
. : CSVDE
Csvde [-i] [-f Filename] [-k]
Active Directory. i k. f .
CSVDE Object Already Exist Constraint Violation Attribute Or Value Already Exists .
( txt. csv. ) . LDAP : .
DN,objectClass,sAMAccountName,sn,givenName,userPrincipalName
"cn=Lisa Andrews,ou=People,dc=contoso,dc=com",user,lisa.andrews,Lisa,Andrews,[email protected]
. OU People Lisa Andrews CSVDE .
. .
. "" 1 "" 1 Help and ?/ csvde CSVDE
Support Center . 2008 LDIFDE
LightWeight Directory. Active Directory Access Protocol Data Interchange Format (LDIF)
LDIF. LDAP LDIFDE.
. LDIF . LDIF
":" . Tony Krijnen April Stewart .
: LDIF .
Dn: CN=April Stewart,OU=People,DC=contoso,DC=com
ChangeType: add
CN: April Stewart
Objectclass: user
sAMAccountName: april.stewart
userPrincipalName: [email protected]
givenName: April
sn: Stewart
displayName: Stewart, April
mail: [email protected]
description: Sales Representative in the USA
Title: Sales Representative
Department: Sales
Company: Contoso, Ltd.

Dn: CN=Tony Krijnen,OU=People,DC=contoso,DC=com
ChangeType: add
CN: Tony Krijnen
Objectclass: user
sAMAccountName: tony.krijnen
userPrincipalName: [email protected]
givenName: Tony
sn: krijnen
displayName: Krijnen, Tony
mail: [email protected]
description: Sales Representative in the Netherlands
Title: Sales Representative
Department: Sales
Company: Contoso, Ltd.
ChangeType. DN )(. delete)( modify)( add :
LDIF . LDIF
. LDIFDE LDIF : . ?/ ldifde
-I . Active Directory .
-f FileName LDIF . . Active Directory Newusers.ldf
Ldifde -I -f newusers.ldf
. 1-2. LDIFDE 1 -2
-i -f filename
-s servername DC -c FromDN ToDN FromDN ToDN
-v Verbose
-j path Log ?-
-d RootDN LDAP .
-r Filter LDAP .(objectClass=*)
-p SearchScope . subtree (container onelevel( container) base( (container (
-l list .
-o list .
-k Constraint Violation Object Already Exists
. LDIFDE CSVDE 640-70
Active Directory. LDIFDE . I Active Directory
Dsadd . .
LDIFDE CSVDE . .
.
. contoso.com OU People OU Groups global security OU Groups Sales 1
. .
. Administrator SERVER01 .1 . Active Directory Users And Computers .1 . User New OU People .2 . Sales_ First Name .1 . Template Last Name .1 . Next salestemplate_ User Logon Name .1 . Confirm Password Password .1
. Finish Next . Account Is Disabled .8 . OU People "_"
. . Properties .9 . Organization .11 .Sales Department .11 . Contoso,Ltd Company .11 . Member Of .12 . Add .11 . OK Sales .11 . Profile .11 . \\Server01\profiles\%username% Profile Path .1118. OK .
. .
. copy Sales_ .19 . Object-User
.Jeff First Name .11 .Ford Last Name .11 . Next jeff.ford User Logon Name .11 . Confirm Password Password .12 . Account Is Disabled .11
11. Next Finish . Jeff Ford properties .11
Dsadd 1 . OU People Mike Fitzmaurice Dsadd
. .1 : Enter .1
Dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com" -samid mike.fitz -pwd * -mustchpwd yes -hmdir \\server01\users\$username$\documents -hmdrv u:
. 1. .2. Mike properties Active Directory Users And Computers .1
. CSVDE 2
comma-delimited . .
Bullet . bullet. Notepad .1 .
DN,objectClass,sAMAccountName,sn,givenName,userPrincipalName
"cn=Lisa Andrews,ou=People,dc=contoso,dc=com",user,lisa.andrews,Lisa,Andrews,lisa.andre
"cn=David Jones,ou=People,dc=contoso,dc=com",user,david.jones,David,Jones,david.jones@contoso.com
. Newusers.txt Documents .1 . .2 . Enter cd %userprofile%\Documents .1 . Enter csvde -i -f newusers.txt -k .1
. . . Active Directory Users And Computers .1
. refresh 2000 UPN .1
NewUsers.txt . LDIFDE 1 .
. . . Notepad .1
Dn: CN=April Stewart,OU=People,DC=contoso,DC=com
ChangeType: add
CN: April Stewart
Objectclass: user
sAMAccountName: april.stewart
userPrincipalName: [email protected]
givenName: April
sn: Stewart
displayName: Stewart, April
mail: [email protected]
description: Sales Representative in the USA
Title: Sales Representative
Department: Sales
Company: Contoso, Ltd.

Dn: CN=Tony Krijnen,OU=People,DC=contoso,DC=com
ChangeType: add
CN: Tony Krijnen
Objectclass: user
sAMAccountName: tony.krijnen
userPrincipalName: [email protected]
givenName: Tony
sn: krijnen
displayName: Krijnen, Tony
mail: [email protected]
description: Sales Representative in the Netherlands
Title: Sales Representative
Department: Sales
Company: Contoso, Ltd.
. Newusers.ldf Documents .1Notepad .txt .
ldf LDIF .
. .2 . Enter cd %userprofile%\Documents .1 . Enter ldifde -i -f newusers.ldf -k .1
. . Active Directory Users And Computers .1
. refresh . NewUsers.ldf .1
Active Directory .
. . .
. Dsadd . comma-delimited CSVDE . LDIFDE Active Directory .
LDIF .
. 1111 Excel .1
. .
A. . B. LDIFDE I . C. CSVDE I D. DSADD USER .
. .1A. LDIFDE B. Dsmod C. DEL D. CSVDE
VBScript PowerShell: 2 . 1
. VBScript PowerShell PowerShell.
. :
Windows PowerShell . 2008 PowerShell cmdlets variables aliases namespaces
providers . PowerShell . VBScript .
11 : PowerShell
PowerShell 2008 . 640-70 . PowerShell Active ( ) cmdlets PowerShell Directory . PowerShell Windows
PowerShell Scripting Guide Ed Wilson .2008) ) PowerShell 121 cmdlet .
. cmdlet command shell cmd.exe BASH
Microsoft .NET Framework PowerShell .
PowerShell . 2008 Server Manager . . Add Features
Windows PowerShell Windows PowerShell. cmd.exe PowerShell. Pin To Start Menu
PowerShell 1 -2 . PS prompt .
Windows PowerShell 2 -1 shell
PowerShell . PowerShell PowerShell . . PowerShell cmd.exe PowerShell cmdlet copy dir cmd.exe . xcopy attrib.exe
. cmdlet. cmdlets PowerShell . - Cmdlet.
. Start-Service Get-Service . cmdlet
Cmdlets PowerShell ) *.ps1 )PowerShell .
NET. instance NET. . Get-Service . .
cmdlet PowerShell cmdlet . . properties
. startup . .
. stop start( . . method ) .
. NET. cmdlet cmdlet Get-Service PowerShell .
cmdlet . 1 -2
Get-Service cmdlet 2 -1
-2 Format-List Get-Service . . 2
. Get-Service Format-List cmdlet 2 -2
. cmdlet Get-Service cmdlet Format-List cmdlet. cmdlet Get-Service .
cmdlet cmdlet Format-List. .
.
"formt list" cmd.exe . . "get-service"
cmdlet Format-List "*" . .
Get-service | format-list -property *
cmdlet Get-Help PowerShell
PowerShell . cmdlet Get-Help cmdlet :
Get-help get-service
get-help get-command -detailed . full detailed . get-help get-command -full
PowerShell . -cmdlet Get DNS$ . ( $ )
Service DNS : $DNS=get-service DNS
. object reference : DNS cmdlet( status . )
$DNS.status
pipeline variable . pipeline pipeline variable . : "_$"
Get-Service | Where-Object { $_.status -eq "Running" }
. cmdlet Where-Object . Running pipeline variable
cmdlet where-object. cmdlet
where : . Get-service | where {$_.status -eq "Running"}
cmdlet . PowerShell cmdlet Dir cmdlet . Get-ChildItem
. UNIX Ls alias cmdlet
Alias dir
. Get-ChildItem Dir cmdlet PowerShell
Cmd.exe . dir /s . dir -recurse PowerShell
PSDrive Provider
Cmdlet . . . . provider .
PowerShell PowerShell provider . provider
drive letter . PSDrive provider powerShell . map
PowerShell PSDrive drive letter . PowerShell PSDrive .
HKCU HKLM Hive HKEY_CURRENT_USER HKEY_LOCAL_MACHINE PowerShell . .
: Cd hklm:\software
Dir
PSDrive. environment . get-psdrive
PowerShell . Active Directory PowerShell
PowerShell :
$objOU=[ADSI]"LDAP://OU=People,DC=contoso,DC=com"
$objUser=$objOU.Create("user","CN=Mary North")
$objUser.Put("sAMAccountName","mary.north")
$objUser.SetInfo()
: PowerShell Active Directory . OU container .1 . RDN Create container .1 . Put .2 . Active Directory SetInfo .1
. Active Directory container
. container container . PowerShell Active Directory Services Interface (ADSI) ( type adapter. ) Active Directory Active Directory. PowerShell NET Framework. . : DN LDAP:// LDAP
$objOU=[ADSI]"LDAP://OU=People,DC=contoso,DC=com"
PowerShell ADSI OU People objOU.
. "$" Create
Create container . OU People objOU$ RDN. RDN: .
. RDN CN=object name. container RDN OU OU=organizational unit name RDN DC=domain name .
. RDN CN=Mary North $objUser=$objOU.Create("user","CN=Mary North")
. objUser$
LDAP . 2000.
sAMAccountName . sAMAccountName Put :. Put.
$objUser.Put("sAMAccountName","mary.north")
Active (Security Identifier (SID Directory .
SetInfo : SetInfo
$objUser.SetInfo()
. sAMAccountName . Put .
: $objUser.put("sAMAccountName",$samAccountName)
$objUser.put("userPrincipalName",$userPrincipleName)
$objUser.put("displayName",$displayName)
$objUser.put("givenName",$givenName)
$objUser.put("sn",$sn)
$objUser.put("description",$description)
$objUser.put("company",$company)
$objUser.put("department",$department)
$objUser.put("title",$title)
$objUser.put("mail",$mail)
$objUser.SetInfo()
SetInfo. . . .
. ()GetInfo. ()SetInfo Active Directory Users And Computers Attribute Editor LDAP Attribute Editor . View Advanced Features .
: . LDAP $objUser.psbase.properties
$objUser | get-member
.
PutEx() .
PowerShell user array PutEx
SetPassword Put :
$objUser.SetPassword("C0mp!exP@ssw0rd")
. . LDAP Kerberos PowerShell
.. Put ( flag . )
: $objUser.psbase.invokeSet("AccountDisabled",$false)
$objUser.SetInfo()
PowerShell 640-70
PowerShell cmdlet. .
Excel. Excel CSV. . PowerShell( CSV. ) comma-delimited
: Newusers.csv csv.. Newusers.csv
Cn,sAMAccountName,FirstName,LastName
John Woods,john.woods,Johnathan,Woods
Kim Akers,kim.akers,Kimberly,Akers
. LDAP .
PowerShell : $dataSource=import-csv "newusers.csv"
: foreach . Foreach($dataRecord in $datasource)
{
# do whatever you want to do
}
dataRecord$ ForEach Cmdlet $dataRecord . $dataRecord . :
$dataRecord.FirstName
: $givenName=$datarecord.FirstName
. LDAP :
$objUser.Put("givenName",$givenName)
. givenName LDAP .
.
: Userimport.ps1
$objOU=[ADSI]"LDAP://OU=People,DC=contoso,DC=com"
$dataSource=import-csv "NewUsers.csv"
Foreach($dataRecord in $datasource) {
#map variables to data source
$cn=$dataRecord.cn
$sAMAccountName=$dataRecord.sAMAccountName
$givenName=$dataRecord.FirstName
$sn=$dataRecord.LastName
$displayName=$sn + ", " + $givenName
$userPrincipleName=$givenName + "." + $sn + "@contoso.com"
#create the user object
$objUser=$objOU.Create("user","CN="+$cn)
$objUser.Put("sAmaccountName",$sAMAccountName)
$objUser.Put("userPrincipalName",$userPrincipleName)
$objUser.Put("displayName",$displayName)
$objUser.Put("givenName",$givenName)
$objUser.Put("sn",$sn)
$objUser.SetInfo()
$objUser.SetPassword("C0mp!P@ssw0rd")
$objUser.psbase.InvokeSet("AccountDisabled",$False)
$objUser.SetInfo()
}
. container . foreach . dataRecord$ . .
LastName, FirstName displayName$. . [email protected] userPrincipleName$
. OU Create . PowerShell
. PowerShell : PowerShell
Set-executionpolicy remotesigned
PowerShell . .
PowerShell http://www.microsoft.com/technet/scriptcenter/topics/winpsh/manual/run.mspx#EXC .
. . scriptname\. .
: .\UserImport.ps1
VBScript
VBScript . vbs Notepad VBScript .
Wscript.exe :
Cscript.exe scriptname
automation (Windows Scripting Host (WSH Cscript.exe Wscript.exe framework VBScript .
VBScript VBScript Active Directory ADSI VBScript . : PowerShell
Set objOU=GetObject("LDAP://OU=People,DC=contoso,DC=com")
Set objUser=objOU.Create("user","CN=Mary North")
objUser.Put "sAMAccountName","mary.north"
objUser.SetInfo()
GetObject VBScript. OU container ADSI DN . VBScript Set .
DN Create OU PowerShell . Set . . VBScript Put Po