你如何模拟在PowerShell中的Active Directory用户？ [英] How do you impersonate an Active Directory user in Powershell?

问题描述

我试图运行PowerShell的。当我使用Visual Studio（卡西尼）运行页面，以便在Exchange 2007中创建邮箱/等通过web界面（ASP.NET/C#）命令，页面加载正确。然而，当我在IIS（V5.1）运行它，我得到错误未知的用户名或密码错误。我注意到，最大的问题是，PowerShell的是身份登录的ASPNET，而不是我的Active Directory帐户。如何强制我PowerShell会话与其他Active Directory帐户进行身份验证？

基本上，我有剧本到目前为止看起来是这样的：

  RunspaceConfiguration RC = RunspaceConfiguration.Create（）;
PSSnapInException snapEx = NULL;
rc.AddPSSnapIn（Microsoft.Exchange.Management.PowerShell.Admin，出snapEx）;

运行空间运行空间= RunspaceFactory.CreateRunspace（RC）;
runspace.Open（）;

管道管道= runspace.CreatePipeline（）;
使用（管道）
{
   pipeline.Commands.AddScript（获取邮箱-identityuser.name）;
   pipeline.Commands.Add（赛字符串）;

   收藏＆LT; PSObject＆GT;结果= pipeline.Invoke（）;

   如果（pipeline.Error =空＆安培;！＆安培; pipeline.Error.Count大于0）
   {
       的foreach（在pipeline.Error.ReadToEnd对象项目（））
          resultString + =错误：+ item.ToString（）+\ N的;
   }

   runspace.Close（）;

   的foreach（在结果PSObject OBJ）
      resultString + = obj.ToString（）;
}

返回resultString;
 

解决方案

Exchange 2007中不允许冒充出于安全原因的用户。这意味着，它是不可能的（目前）通过模仿用户创建邮箱。为了解决这个问题，我创建了其下有权限创建电子邮件acounts，等等，那么你可以访问该Web服务来获得访问PowerShell的AD用户运行一个Web服务。请记得添加必要的安全性，因为这可能是一个巨大的安全漏洞。

I'm trying to run powershell commands through a web interface (ASP.NET/C#) in order to create mailboxes/etc on Exchange 2007. When I run the page using Visual Studio (Cassini), the page loads up correctly. However, when I run it on IIS (v5.1), I get the error "unknown user name or bad password". The biggest problem that I noticed was that Powershell was logged in as ASPNET instead of my Active Directory Account. How do I force my Powershell session to be authenticated with another Active Directory Account?

Basically, the script that I have so far looks something like this:

RunspaceConfiguration rc = RunspaceConfiguration.Create();
PSSnapInException snapEx = null;
rc.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.Admin", out snapEx);

Runspace runspace = RunspaceFactory.CreateRunspace(rc);
runspace.Open();

Pipeline pipeline = runspace.CreatePipeline();
using (pipeline)
{
   pipeline.Commands.AddScript("Get-Mailbox -identity 'user.name'");
   pipeline.Commands.Add("Out-String");

   Collection<PSObject> results = pipeline.Invoke();

   if (pipeline.Error != null && pipeline.Error.Count > 0)
   {
       foreach (object item in pipeline.Error.ReadToEnd())
          resultString += "Error: " + item.ToString() + "\n";
   }

   runspace.Close();

   foreach (PSObject obj in results)
      resultString += obj.ToString();
}

return resultString;

解决方案

Exchange 2007 doesn't allow you to impersonate a user for security reasons. This means that it is impossible (at the moment) to create mailboxes by impersonating a user. In order to get around this problem, I created a web service which runs under AD user which has permissions to create email acounts, etc. You can then access this webservice to get access to powershell. Please remember to add the necessary security because this could potentially be a huge security hole.

这篇关于你如何模拟在PowerShell中的Active Directory用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！