如何知道 Microsoft Active Directory 服务器将为特定对象填充哪些属性及其值?
How to know what are the attributes and its values will be populated by Microsoft Active Directory server for particular object?
每当我尝试在 Microsoft Active Directory 中创建 computer
对象时,如下所示:
var ldap = require('ldapjs');
var client = ldap.createClient({
url: 'ldap://<<host>>:389'
});
client.bind('<<Admin DN>>', '<<password>>', function(err) {
if(err){
console.log('error',err);
}else{
console.log('bind is success');
}
});
var newDN = "CN=testcomputeruser,OU=testou,DC=test,DC=com";
var newUser = {
cn: 'newtestComputer334',
objectClass: 'computer',
description: 'This is test implementation hence this is test description.',
//System will populate 'netbootInitialization':'TestNetbootInitialization',
//System will populate 'netbootGUID':'b0ae470c-16bc-4019-b455-8c96ec515f55',
//System will populate 'netbootMachineFilePath':'TestNetbootMachineFilePath',
//System will populate 'siteGUID':'1010101011',
//System will populate 'netbootSIFFile':'TestnetbootSIFFile',
//System will populate 'netbootMirrorDataFile':'TestnetbootMirrorDataFile',
//System will populate 'msDS-AdditionalDnsHostName':'TestmsDS-AdditionalDnsHostName',
//System will populate 'msDS-AdditionalSamAccountName':'TestmsDS-AdditionalSamAccountName',
//System will populate 'msDS-ExecuteScriptPassword':'10100111100011100',
//System will populate 'netbootDUID':'10100111100011010101',
}
client.add(newDN, newUser,function(err, resp) {
console.log('newDN : ', newDN);
console.log('newUser : ' ,newUser);
if(err){
console.log('error',err);
}else{
console.log('new user is success');
//////////////////////////////////////////
client.unbind(function(err) {
if(err){
console.log('error unbind : ',err);
}else{
console.log('unbind is success');
}
});
//////////////////////////////////////////
}
})
此处 netbootSIFFile, netbootMirrorDataFile, msDS-AdditionalDnsHostName, msDS-AdditionalSamAccountName, msDS-ExecuteScriptPassword and netbootDUID
等属性的值将由 Microsoft Active Directory 填充。
根据架构,我们找不到相同的任何指标。
有什么方法可以从每个对象的 Active Directory (LDAP) 架构中找到系统属性 class?
如果您通过 LDAP(例如 CN=Computer,CN=Schema,CN=Configuration,DC=test,DC=com
)在模式中读取 Computer
的 class 对象,您可以读取 systemMayContain
attribute,这是一个列表"can only be modified by the system."
的属性
或者您可以只创建一个计算机对象,设置它允许您使用的最少数量的属性,然后读回所有具有值的属性。所有你没有设置值的属性都是系统设置的。
每当我尝试在 Microsoft Active Directory 中创建 computer
对象时,如下所示:
var ldap = require('ldapjs');
var client = ldap.createClient({
url: 'ldap://<<host>>:389'
});
client.bind('<<Admin DN>>', '<<password>>', function(err) {
if(err){
console.log('error',err);
}else{
console.log('bind is success');
}
});
var newDN = "CN=testcomputeruser,OU=testou,DC=test,DC=com";
var newUser = {
cn: 'newtestComputer334',
objectClass: 'computer',
description: 'This is test implementation hence this is test description.',
//System will populate 'netbootInitialization':'TestNetbootInitialization',
//System will populate 'netbootGUID':'b0ae470c-16bc-4019-b455-8c96ec515f55',
//System will populate 'netbootMachineFilePath':'TestNetbootMachineFilePath',
//System will populate 'siteGUID':'1010101011',
//System will populate 'netbootSIFFile':'TestnetbootSIFFile',
//System will populate 'netbootMirrorDataFile':'TestnetbootMirrorDataFile',
//System will populate 'msDS-AdditionalDnsHostName':'TestmsDS-AdditionalDnsHostName',
//System will populate 'msDS-AdditionalSamAccountName':'TestmsDS-AdditionalSamAccountName',
//System will populate 'msDS-ExecuteScriptPassword':'10100111100011100',
//System will populate 'netbootDUID':'10100111100011010101',
}
client.add(newDN, newUser,function(err, resp) {
console.log('newDN : ', newDN);
console.log('newUser : ' ,newUser);
if(err){
console.log('error',err);
}else{
console.log('new user is success');
//////////////////////////////////////////
client.unbind(function(err) {
if(err){
console.log('error unbind : ',err);
}else{
console.log('unbind is success');
}
});
//////////////////////////////////////////
}
})
此处 netbootSIFFile, netbootMirrorDataFile, msDS-AdditionalDnsHostName, msDS-AdditionalSamAccountName, msDS-ExecuteScriptPassword and netbootDUID
等属性的值将由 Microsoft Active Directory 填充。
根据架构,我们找不到相同的任何指标。
有什么方法可以从每个对象的 Active Directory (LDAP) 架构中找到系统属性 class?
如果您通过 LDAP(例如 CN=Computer,CN=Schema,CN=Configuration,DC=test,DC=com
)在模式中读取 Computer
的 class 对象,您可以读取 systemMayContain
attribute,这是一个列表"can only be modified by the system."
或者您可以只创建一个计算机对象,设置它允许您使用的最少数量的属性,然后读回所有具有值的属性。所有你没有设置值的属性都是系统设置的。