我希望能够在 AD 中看到嵌套组的漂亮图片。有没有什么产品可以帮我实现这一点?
答案1
答案2
我不确定这是否是你要找的,但我的申请设置ACL工作室具有非常好的用户界面,旨在取代内置的 Windows ACL 编辑器。
它显示文件和文件夹、注册表项、网络共享、打印机、服务和 WMI 对象的权限。当然,更改权限和所有权也很容易。
答案3
如果您使用的是 Windows 计算机,则可以使用命令dsget group通过-members -expand嵌套扩展具有成员资格的组。我不确定这是否是您想要的,但如果您尚未找到更优雅的解决方案,我希望它能有所帮助。作为警告,此代码是我脑海中浮现的,因为我不再有权访问 Windows 计算机:
$all_members = []
$nested_groups = []
dsquery group -limit 0 | ?{$_ -imatch "cn=$your_groupname,"} | dsget group -members -expand | % {
# these are all the members of the group, including those groups with
# membership via nesting
# you could omit the users by extracting the group name from $_
# and testing that they are a group
$possible_group = $_
if ( $possible_group -imatch "cn=([^,]+)," ) {
$possible_group_name = $matches[1]
$all_members += $possible_group_name
# this condition may or may not work. if not, get sample output
# from calling dsquery group on a user and use that as the condition
# instead
if ( dsquery group -name $possible_group_name -ne $null ) {
# alternatively, you could make each member of $nested_groups
# an array, make this a function, and recursively collect
# the entire nesting of this and all sub-groups
$nested_groups += $possible_group_name
}
}
}
write-host "groups in $your_groupname, via nesting"
$nested_groups | % {
write-host "`t$_"
}
Write-host "groups and users in $your_groupname, via nesting"
$all_members | % {
write-host "`t$_"
}
我希望这段代码对你有用,如果不行,那可能是我的记忆力不好,出现了小错误。
祝你好运! :)