How to install the App-V databases and convert the associated security identifiers by using Windows PowerShell

Applies to

  • Windows Server 2016

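Use the following Windows PowerShell procedure to convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs), both in the standard format and in the hexadecimal format used by Microsoft SQL Server when running SQL scripts.

Before attempting this procedure, you should read and understand the information and examples displayed in the following list: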

  • .INPUTS – The account or accounts to convert to SID format. This item can be a single account name or an array of account names.

  • .OUTPUTS - A list of account names with the corresponding SID in standard and hexadecimal formats.

  • Examples -

    .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List

    $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN\user_account2")

    .\ConvertToSID.ps1 $accountsArray | Out-File -FilePath .\SIDs.txt -Width 200

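To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)

  1. Copy the following script into a text editor and save it as a Windows PowerShell script file, for example ConvertToSIDs.ps1.

  2. To open a Windows PowerShell console, click Start and type PowerShell. Right-click Windows PowerShell and select [Run as Administrator].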

    <#
    .SYNOPSIS
    This Windows PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats.
    .DESCRIPTION
    This is a Windows PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts.
    .INPUTS
    The account(s) to convert to SID format. This can be a single account name or an array of account names. Please see examples below.
    .OUTPUTS
    A list of account names with the corresponding SID in standard and hexadecimal formats
    .EXAMPLE
    .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List
    .EXAMPLE
    $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN\user_account2")
    .\ConvertToSID.ps1 $accountsArray | Out-File -FilePath .\SIDs.txt -Width 200
    #>
    
    # Returns the binary form of a SID as an uppercase hexadecimal string
    function ConvertSIDToHexFormat
    {
        param([System.Security.Principal.SecurityIdentifier]$sidToConvert)
        $sb = New-Object System.Text.StringBuilder
        [int] $binLength = $sidToConvert.BinaryLength
        [Byte[]] $byteArray = New-Object Byte[] $binLength
        $sidToConvert.GetBinaryForm($byteArray, 0)
        foreach($byte in $byteArray)
        {
            $sb.Append($byte.ToString("X2")) | Out-Null
        }
        return $sb.ToString()
    }
    [string[]]$myArgs = $args
    if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0))
    {
        [string]::Format("{0}====== Description ======{0}{0}" +
                   "  Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" +
                   "  Pass the account(s) as space separated command line parameters. (For example '.\ConvertToSID.ps1 DOMAIN\Account1 DOMAIN\Account2 ...'){0}" +
                   "  The output is written to the console in the format 'Account name    SID as string   SID as hexadecimal'{0}" +
                   "  And can be written out to a file using standard Windows PowerShell redirection{0}" +
                   "  Please specify user accounts in the format 'DOMAIN\username'{0}" +
                   "  Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" +
                   "  For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" +
                   "{0}====== Arguments ======{0}" +
                   "{0}  /?    Show this help message", [Environment]::NewLine)
    }
    else
    {
        #If an array was passed in, try to split it
        if($myArgs.Length -eq 1)
        {
            $myArgs = $myArgs.Split(' ')
        }
    
        #Parse the arguments for account names
        foreach($accountName in $myArgs)
        {   
            [string[]] $splitString = $accountName.Split('\')  # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject
            if($splitString.Length -ne 2)
            {
                $message = [string]::Format("{0} is not a valid account name. Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName)
                Write-Error -Message $message
                continue
            }
            #Convert any account names to SIDs
            try
            {
                [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1])
                [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier]))
            }
            catch [System.Security.Principal.IdentityNotMappedException]
            {
                $message = [string]::Format("Failed to translate account object '{0}' to a SID. Please verify that this is a valid user or machine account.", $account.ToString())
                Write-Error -Message $message
                continue
            }
    
            #Convert regular SID to binary format used by SQL
            $hexSIDString = ConvertSIDToHexFormat $SID
            $SIDs = New-Object PSObject
            $SIDs | Add-Member NoteProperty Account $accountName
            $SIDs | Add-Member NoteProperty SID $SID.ToString()
            $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString
    
            Write-Output $SIDs
        }
    }
    
  3. Run the script you saved in step 1 of this procedure, passing the accounts to convert as arguments.

    For example,

    .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List

    or

    $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN\user_account2")

    .\ConvertToSID.ps1 $accountsArray | Out-File -FilePath .\SIDs.txt -Width 200
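
    Because the hexadecimal form is what SQL Server uses when running SQL scripts, it is worth confirming that each hexadecimal string decodes back to the SID you expect before relying on it. The following is an added example, not part of the original article or its script; the function names ConvertFrom-HexSid and Test-SidHexMatch are hypothetical, and the sample values are constructed from well-known BUILTIN group SIDs so the check runs without a domain.

```powershell
# Added example: decode a hexadecimal SID string back to a SID and compare it
# with the value that was expected. Function names are hypothetical.
function ConvertFrom-HexSid {
    param([Parameter(Mandatory = $true)][string]$Hex)

    $clean = $Hex.Trim()
    if ($clean -match '^0x') { $clean = $clean.Substring(2) }  # tolerate a 0x prefix
    if (($clean.Length % 2 -ne 0) -or ($clean -notmatch '^[0-9A-Fa-f]+$')) {
        throw "Not a hexadecimal byte string: '$Hex'"
    }

    [Byte[]] $bytes = New-Object Byte[] ($clean.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($clean.Substring($i * 2, 2), 16)
    }
    # The constructor throws if the bytes do not form a well-formed SID
    return New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
}

function Test-SidHexMatch {
    param([string]$ExpectedSid, [string]$Hex)

    $decoded = ConvertFrom-HexSid $Hex
    $name = '<not resolved>'
    try {
        $name = $decoded.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] { }

    $result = New-Object PSObject
    $result | Add-Member NoteProperty ExpectedSid $ExpectedSid
    $result | Add-Member NoteProperty DecodedSid $decoded.Value
    $result | Add-Member NoteProperty ResolvedAccount $name
    $result | Add-Member NoteProperty Match ($decoded.Value -eq $ExpectedSid)
    return $result
}

# Constructed sample values: well-known BUILTIN groups, so no domain is needed.
# The second hex string encodes S-1-5-32-545 and is paired with the wrong SID on purpose.
$samples = @(
    @{ Sid = 'S-1-5-32-544'; Hex = '01020000000000052000000020020000' },
    @{ Sid = 'S-1-5-32-544'; Hex = '01020000000000052000000021020000' }
)
foreach ($s in $samples) {
    Test-SidHexMatch -ExpectedSid $s.Sid -Hex $s.Hex
}
```

    A row with Match set to False means the hexadecimal value does not belong to the SID it was recorded against.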


For App-V issues, use the App-V TechNet Forum.

Administering App-V by using Windows PowerShell