本文介绍了如何在 Powershell 中模拟 Active Directory 用户?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试通过 Web 界面 (ASP.NET/C#) 运行 powershell 命令,以便在 Exchange 2007 上创建邮箱/等.当我使用 Visual Studio (Cassini) 运行页面时,页面正确加载.但是,当我在 IIS (v5.1) 上运行它时,出现错误未知用户名或密码错误".我注意到的最大问题是 Powershell 是作为 ASPNET 而不是我的 Active Directory 帐户登录的.如何强制我的 Powershell 会话使用另一个 Active Directory 帐户进行身份验证?

I'm trying to run powershell commands through a web interface (ASP.NET/C#) in order to create mailboxes/etc on Exchange 2007. When I run the page using Visual Studio (Cassini), the page loads up correctly. However, when I run it on IIS (v5.1), I get the error "unknown user name or bad password". The biggest problem that I noticed was that Powershell was logged in as ASPNET instead of my Active Directory Account. How do I force my Powershell session to be authenticated with another Active Directory Account?

基本上,我到目前为止的脚本看起来像这样:

Basically, the script that I have so far looks something like this:

RunspaceConfiguration rc = RunspaceConfiguration.Create();
PSSnapInException snapEx = null;
rc.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.Admin", out snapEx);

Runspace runspace = RunspaceFactory.CreateRunspace(rc);
runspace.Open();

Pipeline pipeline = runspace.CreatePipeline();
using (pipeline)
{
   pipeline.Commands.AddScript("Get-Mailbox -identity 'user.name'");
   pipeline.Commands.Add("Out-String");

   Collection<PSObject> results = pipeline.Invoke();

   if (pipeline.Error != null && pipeline.Error.Count > 0)
   {
       foreach (object item in pipeline.Error.ReadToEnd())
          resultString += "Error: " + item.ToString() + "
";
   }

   runspace.Close();

   foreach (PSObject obj in results)
      resultString += obj.ToString();
}

return resultString;

推荐答案

出于安全原因,Exchange 2007 不允许您模拟用户.这意味着(目前)无法通过模拟用户来创建邮箱.为了解决这个问题,我创建了一个在 AD 用户下运行的 Web 服务,该用户有权创建电子邮件帐户等.然后您可以访问此 Web 服务以访问 powershell.请记住添加必要的安全性,因为这可能是一个巨大的安全漏洞.

Exchange 2007 doesn't allow you to impersonate a user for security reasons. This means that it is impossible (at the moment) to create mailboxes by impersonating a user. In order to get around this problem, I created a web service which runs under AD user which has permissions to create email acounts, etc. You can then access this webservice to get access to powershell. Please remember to add the necessary security because this could potentially be a huge security hole.

这篇关于如何在 Powershell 中模拟 Active Directory 用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-20 20:53