xud6的笔记本

Active Directory

A 6 post collection


清理 GPO 中 Extra Registry Settings

 •  Filed under Active Directory, windows

对于Office Deployment中Setting值为Software\Policies\Microsoft\Office\11.0\Word\DisabledCmdBarItemsCheckBoxes\FileOpenToolsFind的项,如果在User Configuration中

Remove-GPRegistryValue -Name "Office Deployment" -Key "HKCU\Software\Policies\Microsoft\Office\11.0\Word\DisabledCmdBarItemsCheckBoxes" -ValueName "FileOpenToolsFind"

对应的如果在Computer Configuration中应把HKCU换为HKLM

Powershell 转移 FSMO

 •  Filed under Active Directory, windows

获取当前FSMO

Get-ADForest | select SchemaMaster,DomainNamingMaster
Get-ADDomain | select PDCEmulator,RIDMaster,InfrastructureMaster

转移FSMO

Move-ADDirectoryServerOperationMasterRole -Identity <Target-DC> -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

强制转移FSMO

Move-ADDirectoryServerOperationMasterRole -Identity <Target-DC> -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force

centos 7 安装windows域ca证书

 •  Filed under centos7, Active Directory, centos

首先从ca服务器下载证书,比如

http://server/certsrv

然后将下载到的cer证书以base64格式导出为crt证书。
将证书上传到服务器以下目录:

/etc/pki/ca-trust/source/anchors

运行update-ca-trust

sudo update-ca-trust

更改Active Directory的默认全名格式

 •  Filed under Active Directory, windows, OP

Active Directory 中默认的全名格式是名字在前姓在后,要改为姓在前只需

  1. 打开ADSI编辑器
  2. 点击操作-连接到
  3. 在选择一个已知命名上下文中选择配置
  4. 编辑CN=user-Display,CN=804,CN=DisplaySpecifiers,CN=Configuration,{{你的域名}}的属性
  5. 修改createDialog为%<sn>%<givenName>
  6. 保存退出

之后在Active Directory中修改姓名是就是姓在前的了。