DSACLS 命令语法片段

 

上一次修改主题: 2006-01-31

此主题提供有关 DSACLS 命令语法文本文件的信息。在名为 DSACLS Snippets 的文件夹中可以找到这些文本文件,该文件夹属于“在 Exchange Server 2003 中使用 Active Directory 权限”的下载内容。下面是这些文本文件的完整列表。

  • Email Addresses Tab – Mail-Enabled Group Object.txt
  • Email Addresses Tab – Mail-Enabled Contact Object.txt
  • Email Addresses Tab – Mailbox or Mail-Enabled User Object.txt
  • Email Addresses Tab – Mailbox or Mail-Enabled InetOrgPerson Object (Exchange 2003).txt
  • Email Addresses Tab – Query-Based Distribution Group (Exchange 2003).txt
  • Exchange Advanced Tab - Query-Based Distribution Group (Exchange 2003).txt
  • Exchange Advanced Tab – Mail-Enabled User Object.txt
  • Exchange Advanced Tab – Mail-Enabled InetOrgPerson Object (Exchange 2003).txt
  • Exchange Advanced Tab – Mail-Enabled Group Object.txt
  • Exchange Advanced Tab – Mail-Enabled Contact Object.txt
  • Exchange Advanced Tab – Mailbox-Enabled User Object (Exchange 2003).txt
  • Exchange Advanced Tab – Mailbox-Enabled User Object (Exchange 2000).txt
  • Exchange Advanced Tab – Mailbox-Enabled InetOrgPerson Object (Exchange 2003).txt
  • Exchange Features Tab – Mailbox-Enabled User Object (Exchange 2003).txt
  • Exchange Features Tab – Mailbox-Enabled User Object (Exchange 2000).txt
  • Exchange Features Tab – Mailbox-Enabled InetOrgPerson Object (Exchange 2003).txt
  • Exchange General Tab – inetOrgPerson Object (Exchange 2003).txt
  • Exchange General Tab – inetOrgPerson Object (Exchange 2000).txt
  • Exchange General Tab – Mail-Enabled User Object (Exchange 2003).txt
  • Exchange General Tab – Mail-Enabled User Object (Exchange 2000).txt
  • Exchange General Tab – Mail-Enabled Group Object (Exchange 2003).txt
  • Exchange General Tab – Mail-Enabled Group Object (Exchange 2000).txt
  • Exchange General Tab – Mail-Enabled Contact Object (Exchange 2003).txt
  • Exchange General Tab – Mail-Enabled Contact Object (Exchange 2000).txt
  • Exchange General Tab – Mailbox-Enabled User Object (Exchange 2003).txt
  • Exchange General Tab – Mailbox-Enabled User Object (Exchange 2000).txt
  • Exchange General Tab – Mailbox-Enabled InetOrgPerson Object (Exchange 2003).txt
  • Exchange General Tab – Query-Based Distribution Group (Exchange 2003).txt
  • Exchange Remove Attributes – InetOrgPerson Object (Exchange 2003).txt
  • Exchange Remove Attributes – User Object (Exchange 2003).txt
  • Exchange Remove Attributes – User Object (Exchange 2000).txt
  • General Tab - Query-Based Distribution Group (Exchange 2003).txt
  • Hiding Group Membership.txt
  • Mail-Disable InetOrgPerson Object (Exchange 2003).txt
  • Mail-Disable User Object (Exchange 2003).txt
  • Mail-Disable User Object (Exchange 2000).txt
  • Mail-Disabling Contact Objects (Exchange 2003).txt
  • Mail-Disabling Contact Objects (Exchange 2000).txt
  • Mail-Disabling Group Objects (Exchange 2003).txt
  • Mail-Disabling Group Objects (Exchange 2000).txt
  • Mail-Enable InetOrgPerson Object (Exchange 2003).txt
  • Mail-Enable User Object.txt
  • Mail-Enabling Contact Objects.txt
  • Mail-Enabling Group Objects.txt
  • Mailbox-Disable User Object (Exchange 2003).txt
  • Mailbox-Disable User Object (Exchange 2000).txt
  • Mailbox-Enable InetOrgPerson Object (Exchange 2003).txt
  • Mailbox-Enable User Object.txt
  • Mailbox Move InetOrgPerson Object (Exchange 2003).txt
  • Mailbox Move User Object.txt
  • Removing Exchange Attributes on Contact Objects (Exchange 2003).txt
  • Removing Exchange Attributes on Contact Objects (Exchange 2000).txt
  • Removing Exchange Attributes on Group Objects (Exchange 2003).txt
  • Removing Exchange Attributes on Group Objects (Exchange 2000).txt
note注意:
如果使用 ADSI Edit (AdsiEdit.msc)、DSACLS (Dsacls.exe) LDP 工具 (Ldp.exe) 或其他任何轻型目录访问协议 (LDAP) 版本 3 客户端不正确地修改了 Active Directory® 目录服务对象,将会导致严重的问题。解决这些问题可能需要重新安装 Microsoft® Windows Server 和 Microsoft Exchange Server 之一,或两者都重新安装。由于不正确修改了 Active Directory 对象属性而引起的问题可能无法解决。修改这些属性的风险由您自己承担。

DSACLS 的格式是:

dsacls "<ContainerPath>" /I:S /G "<Domain>\<Alias>:RPWP;<Attribute>;<ClassObject>" 

其中:

  • <ContainerPath> 是对象(例如域、组织单位)的可分辨名称;
  • <Domain>\<Alias> 是被授予访问权的帐户\组;其中 <Attribute> 是被授予访问权的属性;
  • <ClassObject> 是与属性关联的类对象(用户、组、联系人等)。

/I:S 开关通知 DSACLS 将权限应用于在容器路径中包含的子对象。/G 开关通知 DSACLS 授予需要的权限(与拒绝或删除权限相反)。

RP 参数通知 DSACLS 授予对有问题的属性的读取访问权。WP 参数通知 DSACLS 授予对有问题的属性的写入访问权。

note注意:
DSACLS 的语法是不含换行符的命令行。