如何使用Powershell查詢msSFU30MaxUidNumber屬性？

Question

有誰知道一種方法來查詢這個UNIX屬性msSFU30MaxUidNumber 與Powershell Active Directory中？我正在開發一個腳本，根據需要爲用戶分配Unix屬性。我也有Quest AD Powershell模塊。

Answer 1

看來，你可以找到指定至今保存在msSFU30MaxUidNumber屬性上cn=yourYPDomain,cn=ypservers,cn=ypserv30,cn=RpcServices,cn=system,dc=dom,dc=fr的最高值。

這裏給出一個腳本是：我'不能在我的配置，現在來測試它，我只是寫一個簡短的翻譯從VBScript來的PowerShell中a Microsoft Consulting France document發現（第17頁）。

# Get the Yellow page domain and his attribute msSFU30MaxUidNumber 
# dom.fr (dc=dom,dc=fr)is my domain 
# myYPDomain is the name of my yellow Page domain 
$ypDomain = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://societe.fr:389/cn=myYPDomain,cn=ypservers,cn=ypserv30,cn=RpcServices,cn=system,dc=dom,dc=fr","administrateur@dom.fr","admin") 
#$msSFU30MaxUidNumber = $ypDomain.Properties["msSFU30MaxUidNumber"] 
$msSFU30MaxUidNumber = $ypDomain.msSFU30MaxUidNumber 

# Find a given user 
$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://societe.fr:389/dc=dom,dc=fr","administrateur@dom.fr","admin") 
$dsLookFor = new-object System.DirectoryServices.DirectorySearcher($dn) 
$dsLookFor.Filter = "(&(samAccountName=user1)(objectCategory=user))"; 
$dsLookFor.SearchScope = "subtree"; 
$n = $dsLookFor.PropertiesToLoad.Add("cn"); 
$n = $dsLookFor.PropertiesToLoad.Add("distinguishedName"); 
$Usr = $dsLookFor.findOne() 

# Assign new value 
$Usr.msSFU30MaxUidNumber = $msSFU30MaxUidNumber + 1 
$Usr.SetInfo() 

# Save the new Value 
$ypDomain.msSFU30MaxUidNumber = $msSFU30MaxUidNumber + 1 
$ypDomain.SetInfo() 

Answer 2

既然你的任務AD的cmdlet可用，這裏是快速的基於JPBlanc的答案的東西。它假定您正在使用已經有權限對相關廣告屬性的帳戶來運行腳本：

# The -IncludedProperties parameter is needed because msSFU30MaxUidNumber is not part of Get-QADObject's default attribute set 
$ypDomain = Get-QADObject -Identity "cn=myYPDomain,cn=ypservers,cn=ypserv30,cn=RpcServices,cn=system,dc=dom,dc=fr" -IncludedProperties msSFU30MaxUidNumber 

$maxUidNumber = $ypDomain.msSFU30MaxUidNumber 

$newMaxUidNumber = $maxUidNumber + 1 

# Sets the msSFU30UidNumber attribute for User1 

Get-QADUser -samAccountName User1 | Set-QADUser -objectAttributes @{msSFU30UidNumber = $newMaxUidNumber} 

# Increments the msSFU30MaxUidNumber for the YP domain. 

$ypDomain | Set-QADObject -objectAttributes @{msSFU30MaxUidNumber = $newMaxUidNumber} 

Answer 3

我借這個設置UNIX屬性（NISDOMAIN，GID，登陸shell，UIDnumber，UID）http://danieltromp.com/2014/06/09/powershell-ad-enable-unix-attributes/。

我更新了它，以便它也更新存儲的msSFU30MaxUidNumber。我見過的所有腳本都忘記了這一點。 如果將來使用ADUC設置UNIX屬性（或者即使您再次針對另一個OU運行腳本），也可以防止重複的UID編號問題：

Remove-Variable -Name * -Force -ErrorAction SilentlyContinue 
Import-Module ActiveDirectory 
$NIS = Get-ADObject "CN=DOMAIN,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=Domain,DC=com" -Properties:* #Get NIS server information 
$maxUid = $NIS.msSFU30MaxUidNumber #Get the last used User ID 

$usuarios = Get-ADUser -Filter * -SearchBase "OU=NAME,OU=NAME,OU=NAME,DC=Domain,DC=com" -Properties:* #Get all users 
foreach($usr in $usuarios) 
{ 
    if ($usr.mssfu30nisdomain -eq $null){ 
    Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{mssfu30nisdomain="Domain"} #Enable NIS 
    Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{gidnumber="10005"} #Set Group ID 
    Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{loginShell="/bin/bash"} #Set Login Shell 
    $maxUid++ #Raise the User ID number 
    Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{uidnumber=$maxUid} #Set User ID number 
    Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{uid=$usr.SamAccountName} #Set UID 
    Write-Host -Backgroundcolor Green -Foregroundcolor Black $usr.SamAccountName changed #Write Changed Username to console 
    } 
    else{Write-Host -Backgroundcolor Yellow -Foregroundcolor Black $usr.SamAccountName unchanged} #Write Unchanged Username to console with a yellow background 
} 
$NIS | Set-ADObject -Replace @{msSFU30MaxUidNumber = $maxuid++} 
$NIS | Set-ADObject -Replace @{msSFU30MaxUidNumber = $maxuid++}