Share via

如何安裝 App-V 資料庫並使用 PowerShell 轉換關聯的安全識別碼

  • 發行項

適用於: Application Virtualization 5.0, Application Virtualization 5.0 SP1, Application Virtualization 5.0 SP2, Application Virtualization 5.0 SP3

使用下列 PowerShell 程序將任何數量的 Active Directory 網域服務 (AD DS) 使用者或電腦帳戶,轉換為標準格式及十六進位格式 (執行 SQL 指令碼時 Microsoft SQL Server 所使用) 的格式化安全性識別碼 (SID)。

嘗試進行這個程序前,您應該閱讀並了解以下清單顯示的資訊和範例:

  • .INPUTS – 轉換為 SID 格式的一或多個帳戶。這可以是單一帳戶名稱或帳戶名稱陣列。

  • .OUTPUTS - 有對應 SID (標準和十六進位格式) 的帳戶名稱清單。

  • 範例 -

    .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List

    $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2")

    .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200

    #>

若要將任何數量的 Active Directory 網域服務(AD DS) 使用者或電腦帳戶轉換為格式化安全性識別碼 (SID)

  1. 將下列指令碼複製到文字編輯器,並儲存為 PowerShell 指令碼檔,例如 ConvertToSIDs.ps1

  2. 若要開啟 PowerShell 主控台,請按一下 [開始] 並輸入 PowerShell。以滑鼠右鍵按一下 [Windows PowerShell],並選取 [以系統管理員身分執行]。

    <#

    .SYNOPSIS

This PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats.

.DESCRIPTION

This is a PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts.

.INPUTS

The account(s) to convert to SID format. This can be a single account name or an array of account names. Please see examples below.

.OUTPUTS

A list of account names with the corresponding SID in standard and hexadecimal formats

.EXAMPLE

.\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List

.EXAMPLE

$accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2")

.\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200

    #>

    function ConvertSIDToHexFormat

    {

       param([System.Security.Principal.SecurityIdentifier]$sidToConvert)

       $sb = New-Object System.Text.StringBuilder

    [int] $binLength = $sidToConvert.BinaryLength

    [Byte[]] $byteArray = New-Object Byte[] $binLength

   $sidToConvert.GetBinaryForm($byteArray, 0)

   foreach($byte in $byteArray)

   {

   $sb.Append($byte.ToString("X2")) |Out-Null

   }

   return $sb.ToString()

    }

     [string[]]$myArgs = $args

    if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0))

    {

     [string]::Format("{0}====== Description ======{0}{0}" +

    "  Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" +

               "  Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" +

               "  The output is written to the console in the format 'Account name    SID as string   SID as hexadecimal'{0}" +

               "  And can be written out to a file using standard PowerShell redirection{0}" +

               "  Please specify user accounts in the format 'DOMAIN\username'{0}" + 

               "  Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" +

               "  For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + 

               "{0}====== Arguments ======{0}" +

               "{0}  /?    Show this help message", [Environment]::NewLine) 

    {

    else

{  
    #If an array was passed in, try to split it

    if($myArgs.Length -eq 1)

    {

        $myArgs = $myArgs.Split(' ')

    }

    
    #Parse the arguments for account names

        foreach($accountName in $myArgs)

    {    

        [string[]] $splitString = $accountName.Split('\')  # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject

        if($splitString.Length -ne 2)

        {

            $message = [string]::Format("{0} is not a valid account name. Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName)

            Write-Error -Message $message

            continue

        }

        

        #Convert any account names to SIDs

        try

        {

            [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1])

            [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier]))

        }

        catch [System.Security.Principal.IdentityNotMappedException]

        {

            $message = [string]::Format("Failed to translate account object '{0}' to a SID. Please verify that this is a valid user or machine account.", $account.ToString())

            Write-Error -Message $message

            continue

        }

    
        #Convert regular SID to binary format used by SQL

            $hexSIDString = ConvertSIDToHexFormat $SID

        
        $SIDs = New-Object PSObject

        $SIDs | Add-Member NoteProperty Account $accountName

        $SIDs | Add-Member NoteProperty SID $SID.ToString()

        $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString

    
        Write-Output $SIDs

        }

    }

  3. 執行您在這個傳遞帳戶轉換為引數的程序之中的第一個步驟所儲存的指令碼。

    例如,

    .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List” or “$accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2")

    .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200”

    您對於 App-V 有任何建議嗎?您可以在這裡加入您的建議,或對建議進行票選。
    您有發現任何 App-V 問題嗎?請利用 App-V TechNet 論壇

另請參閱

其他資源

使用 PowerShell 管理 App-V

-----
您可以在 TechNet Library 中深入瞭解 MDOP、在 TechNet Wiki 上搜尋疑難排解資訊,或是在 FacebookTwitter 上追蹤我們的動態。
-----