0

试图弄清楚如何根据 Novell eDir 的组成员身份映射网络共享。我通过 ADSISEARCHER 在 Technet 中为 ActiveDirectory 找到了一个智能脚本,该脚本在 AD 中运行良好 :)

# extract group names and removes unnecessary characters
$memberOf = ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().$does.memberof -replace '^CN=([^,]+).+$','$1'

# check if user is member of group A
if($memberOf -contains "GroupA") {
  # map network-drive
  (New-Object -ComObject WScript.Network).MapNetworkDrive('X:','\\filer\sharename')

}

有没有机会为 NDS 使用类似的东西?据我研究,我必须使用 LDAP 连接到 NDS 并列出用户对象的所有组,但还没有多少运气。

谢谢

4

1 回答 1

0

我在那里找到了一个有用的脚本,我只需要稍微编辑一下......

脚本 URL: http: //activedirectoryfaq.com/2014/01/searching-novell-nds-edirectory-with-powershell/

我的最终脚本以防有人需要这个废话:

<#
.SYNOPSIS
    Mapping a network share based on a specific group membership in NDS
.DESCRIPTION
    The script is mapping a network drive, based on a NDS group membership.
    The first match wins!
#>

# --------<SET CORRESPONDING VALUES HERE >--------

# Hostname of eDir Server (e.g.: NDSSRV01):
$LDAPServer = "hostname"

# Name of BaseDN (e.g.: o=MyCompany):
$dn = "o=basedn"

# ------------------------------------------------

# set username of current logged on user
$filter = "(uid=$env:USERNAME)"

# Creating necessary objects
[reflection.assembly]::LoadWithPartialName("system.directoryservices.protocols") | out-null
$ldapIdentifier = new-object directoryservices.protocols.ldapdirectoryidentifier($LDAPServer)
$ldapConnection = new-object directoryservices.protocols.ldapconnection($ldapIdentifier,$null,0)

# Attributes to search for:
# To search for multiple use comma separated list (eg: "groupmembership","cn","emailAddress")
[string[]]$attr = "groupmembership"

# Establishing LDAP connection
$scope = $ADS_SCOPE_SUBTREE
$searchRequest = new-object directoryservices.protocols.searchrequest($dn,$filter,$ADS_SCOPE_SUBTREE,$attr)

$searchRequest.typesonly = $false
$searchRequest.sizelimit = 10
$result = [directoryservices.protocols.searchresponse]$ldapConnection.sendrequest($searchRequest)
$entry = $result.entries

# extract group names and removes unnecessary characters
$membership = $entry[0].Attributes["groupmembership"].getValues([string]) -replace '^CN=([^,]+).+$','$1'

# check if user is member of group A
if($membership -contains "GroupA") {
  # map network-drive
  (New-Object -ComObject WScript.Network).MapNetworkDrive('X:','\\filer\sharegroupa')
}

# check if user is member of group B
elseif($membership -contains "GroupB") {
  # map network-drive
  (New-Object -ComObject WScript.Network).MapNetworkDrive('X:','\\filer\sharegroupb')
}

# elseif() ... and so on

# if nothing matches, then:
else {
  Write-Host 'current user is not a member of a specified group'
}
于 2015-02-26T22:15:44.433 回答