LisaJ
2020-12-08 13:14:51
Depends on what you want to read -- file system or directory data.
File system:
You can map a drive with "net use", process the data in the directory, then unmap the drive. You can supply a domain in the credentials -- e.g. net use x: \\ws1\share user:DomainA\user /pass:S0m3th1ng and, when done, net use x: /d to unmap. Then net use x: \\ws2\share user:DomainB\user /pass:S0m3th1ngE15e and net use x: /d ... I'd use a securestring to stash the password for a real implementation.
Directory Data: Most of the powrshell commands accept -server and -credential as options. As an example:
Get-ADGroupMember <groupname> -server ws1.example.com -credential (get-credential)
热门帖子
热门github
6
Thank you very much for your answer. So theoretically I just need to know the IPs of both Domain Controllers to which I want to connect, and in each of them I need to have a user who has read permissions for the DC I want to read from and write permissions for the DC I want to write to, than I can use the active directory module. Correct?
Yup. I've had batch operation servers have to be out of the domain completely (I don't have to understand the security requirements, just have to follow them!) and used this approach to read/write against the Active Directory domain. I usually do a DNS lookup for the SRV records associated with a specific site instead of hard-coding domain controller hostnames (unless there are firewalls involved and I have to use a specific domain controller).
Perfect, that's just what I needed to know. I appreciate the advice on using SRV records (I immediately check if the domain controllers have generated them correctly), so as not to use constants in the code. So I guess the last thing I have left to do is create two users, one in the DC I have to read about and one on the DC I have to write to, with the necessary permissions. Thanks