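How to install the App-V databases and convert the associated security identifiers by using Windows PowerShell
Applies to: Windows 10, Windows 11, Windows Server 2016
Use the following Windows PowerShell procedure to convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted security identifiers (SIDs), both in the standard format and in the hexadecimal format that Microsoft SQL Server uses when running SQL scripts.
Before attempting this procedure, you should read and understand the information and examples shown in the following list:
.INPUTS: The account or accounts to convert to SID format. This can be a single account name or an array of account names.
.OUTPUTS: A list of account names with the corresponding SID in standard and hexadecimal formats.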
Examples:
.\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List
$accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN\user_account2")
.\ConvertToSID.ps1 $accountsArray | Out-File -FilePath .\SIDs.txt -Width 200
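To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted security identifiers (SIDs)
Copy the following script into a text editor and save it as a Windows PowerShell script file, for example ConvertToSID.ps1.
To open a Windows PowerShell console, click Start and type PowerShell. Right-click Windows PowerShell and select Run as Administrator.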
<#
.SYNOPSIS
This Windows PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats.

.DESCRIPTION
This is a Windows PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts.

.INPUTS
The account(s) to convert to SID format. This can be a single account name or an array of account names. Please see examples below.

.OUTPUTS
A list of account names with the corresponding SID in standard and hexadecimal formats

.EXAMPLE
.\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List

.EXAMPLE
$accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN\user_account2")
.\ConvertToSID.ps1 $accountsArray | Out-File -FilePath .\SIDs.txt -Width 200
#>


# Returns the binary form of a SID as an uppercase hexadecimal string
function ConvertSIDToHexFormat
{
    param([System.Security.Principal.SecurityIdentifier]$sidToConvert)

    $sb = New-Object System.Text.StringBuilder
    [int] $binLength = $sidToConvert.BinaryLength
    [Byte[]] $byteArray = New-Object Byte[] $binLength
    $sidToConvert.GetBinaryForm($byteArray, 0)
    foreach($byte in $byteArray)
    {
        $sb.Append($byte.ToString("X2")) | Out-Null
    }
    return $sb.ToString()
}

[string[]]$myArgs = $args
if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0))
{
    # No arguments or "/?": print the usage text
    [string]::Format("{0}====== Description ======{0}{0}" +
        " Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" +
        " Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.ps1 DOMAIN\Account1 DOMAIN\Account2 ...'){0}" +
        " The output is written to the console in the format 'Account name SID as string SID as hexadecimal'{0}" +
        " And can be written out to a file using standard Windows PowerShell redirection{0}" +
        " Please specify user accounts in the format 'DOMAIN\username'{0}" +
        " Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" +
        " For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" +
        "{0}====== Arguments ======{0}" +
        "{0} /? Show this help message", [Environment]::NewLine)
}
else
{
    #If an array was passed in, try to split it
    if($myArgs.Length -eq 1)
    {
        $myArgs = $myArgs[0].Split(' ')
    }

    #Parse the arguments for account names
    foreach($accountName in $myArgs)
    {
        [string[]] $splitString = $accountName.Split('\')

        # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject
        if($splitString.Length -ne 2)
        {
            $message = [string]::Format("{0} is not a valid account name. Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName)
            Write-Error -Message $message
            continue
        }

        #Convert any account names to SIDs
        try
        {
            [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1])
            [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier]))
        }
        catch [System.Security.Principal.IdentityNotMappedException]
        {
            $message = [string]::Format("Failed to translate account object '{0}' to a SID. Please verify that this is a valid user or machine account.", $account.ToString())
            Write-Error -Message $message
            continue
        }

        #Convert regular SID to binary format used by SQL
        $hexSIDString = ConvertSIDToHexFormat $SID

        # Emit one object per account: name, standard SID, hexadecimal SID
        $SIDs = New-Object PSObject
        $SIDs | Add-Member NoteProperty Account $accountName
        $SIDs | Add-Member NoteProperty SID $SID.ToString()
        $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString

        Write-Output $SIDs
    }
}
Run the script you saved in step 1 of this procedure, passing the accounts to convert as arguments.
For example:
.\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List
or
$accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN\user_account2")
.\ConvertToSID.ps1 $accountsArray | Out-File -FilePath .\SIDs.txt -Width 200
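Before a hexadecimal value is pasted into a SQL script, it can be decoded back to confirm which account it grants access to. The following is an added example, not part of the original script: the function name ConvertHexToSID is hypothetical, and the sample value is constructed from the well-known BUILTIN\Administrators SID.

```powershell
# Added example: reverse the script's hexadecimal output into a standard SID string.
# ConvertHexToSID is a hypothetical helper name, not part of ConvertToSID.ps1.
function ConvertHexToSID
{
    param([Parameter(Mandatory = $true)][string]$hexSid)

    # Accept the optional 0x prefix that SQL Server binary literals carry
    $hex = $hexSid.Trim() -replace '^0[xX]', ''
    if ($hex -notmatch '^([0-9A-Fa-f]{2})+$')
    {
        throw "'$hexSid' is not an even-length hexadecimal string."
    }

    [Byte[]] $bytes = New-Object Byte[] ($hex.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++)
    {
        $bytes[$i] = [Convert]::ToByte($hex.Substring($i * 2, 2), 16)
    }

    # Binary SID layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian), sub-authorities (4 bytes each, little-endian)
    if (($bytes.Length -lt 8) -or ($bytes.Length -ne (8 + 4 * $bytes[1])))
    {
        throw "Length $($bytes.Length) does not match the sub-authority count in byte 1."
    }

    [UInt64] $authority = 0
    foreach ($b in $bytes[2..7]) { $authority = ($authority * 256) + $b }

    $parts = @('S', $bytes[0], $authority)
    for ($i = 0; $i -lt $bytes[1]; $i++)
    {
        $parts += [BitConverter]::ToUInt32($bytes, 8 + 4 * $i)
    }
    $manual = $parts -join '-'

    # Cross-check the manual decode against the .NET SID parser
    $sid = New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
    if ($sid.Value -ne $manual) { throw "Decoded '$manual' but .NET parsed '$($sid.Value)'." }
    return $sid
}

# Constructed sample: the well-known BUILTIN\Administrators SID (S-1-5-32-544)
$decoded = ConvertHexToSID '0x01020000000000052000000020020000'
$decoded.Value
# Resolve the SID back to an account name to confirm who the value refers to
$decoded.Translate([System.Security.Principal.NTAccount]).Value
```

For a domain account, run the Translate call on a machine that can reach the domain; an unresolvable SID raises IdentityNotMappedException, the same exception the conversion script handles.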