CN111181935A - Method for batch adding and timed deleting domain users in AD domain security group - Google Patents

Publication number
CN111181935A
Authority
CN
China
Prior art keywords
domain
security group
users
vpn resource
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911319432.8A
Other languages
Chinese (zh)
Inventor
刘翠媚
凌子文
李文祺
刘可欣
尹婕
殷锦辉
郝霞
郭凤婵
罗序良
吴毅良
陆庭辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Power Grid Co Ltd
Jiangmen Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Jiangmen Power Supply Bureau of Guangdong Power Grid Co Ltd
Application filed by Guangdong Power Grid Co Ltd, Jiangmen Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority to CN201911319432.8A
Publication of CN111181935A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

The invention relates to the technical field of data management, in particular to a method for adding domain users in batch and deleting domain users at fixed time in an AD domain security group, which comprises the steps of logging in a domain control transaction processing tool; establishing a form, and inputting domain user information to be added to the form; and importing a table into the domain-controlled transaction processing tool, and executing a CMD command for adding or deleting domain users in the VPN resource security group. According to the invention, a plurality of users under different security group architectures can be added at the same time, so that the working efficiency is improved; manual operation can be reduced, and the operating personnel do not need to check the deletion condition of the domain users one by one, so that manpower and material resources are saved.

Description

Method for batch adding and timed deleting domain users in AD domain security group
Technical Field
The invention relates to the technical field of data management, in particular to a method for adding domain users in batch and deleting domain users at fixed time in an AD domain security group.
Background
The AD domain, i.e. Active Directory, is responsible for operations on the directory database such as storage, addition, deletion, modification and query. With AD, all information about an object can be found by the object's name. The main role of a security group in AD domain control is to centrally manage the domain users in the security group. If a domain user needs to access a new VPN resource, the existing method is: S1, configuring a VPN server and entering the account and password of a dedicated account newly created in the corresponding AD domain control, to synchronize data such as security groups; S2, creating a security group in AD domain control; S3, associating the URL resources to be accessed in the VPN server with the security group newly created in AD domain control; and S4, adding the domain account of the domain user to the security group newly created in AD domain control. However, the method has the following disadvantages: only one domain user's domain account can be added to the security group at a time, and a second domain account can be added only after confirmation; according to the principle of minimizing domain user permissions, the time during which each domain user can access a VPN resource group should be limited, but no time limit can be set after the domain user joins a domain-control security group, so the domain users in the security group always have permission to access the corresponding VPN resources.
Disclosure of Invention
The invention aims to overcome the defect that the addition or deletion of domain users cannot be processed in batch, and provides a method for batch adding and timed deleting of domain users in an AD domain security group, which can add a plurality of domain users under different security group architectures at the same time and improves working efficiency; manual operation is reduced, and operators do not need to check the deletion status of domain users one by one, so manpower and material resources are saved.
In order to solve the technical problems, the invention adopts the technical scheme that:
A method for adding domain users in batch in an AD domain security group is provided, comprising the following steps:
S1, logging in to a domain control transaction processing tool on a PC (personal computer);
S2, creating a table and entering the information of the domain users to be added into the table, wherein the domain user information comprises a domain account, a VPN resource security group name and an operation option;
S3, after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4, after step S3, if a domain user in the imported table already exists in the corresponding VPN resource security group, the domain user addition fails; otherwise, all domain users in the table are added to the VPN resource security group.
In this method for adding domain users in batch in an AD domain security group, a plurality of domain users to be added and their related information are entered into a table and the table is imported, so that a plurality of domain users under different organizational structures can be added at the same time without confirming them one by one, which improves working efficiency; in addition, the same domain user being added repeatedly to the same VPN resource security group is avoided.
Further, in step S4, if the imported table contains entries in which the same domain user is repeatedly added to the same VPN resource security group, the domain user is added to the VPN resource security group only once.
Further, step S3 also includes confirming the domain name of the AD domain in the background, to ensure that the CMD command is executed in the corresponding AD domain.
Further, in step S2, the domain account and the VPN resource security group name that are entered each exist uniquely in the AD domain controller.
Further, in step S2, the operation option entered is the "add" option.
The invention also provides a method for timed deletion of domain users in an AD domain security group, comprising the following steps:
S1, logging in to a domain control transaction processing tool on a PC (personal computer);
S2, creating a table and entering the information of the domain users to be deleted into the table, wherein the domain user information comprises a domain account, a VPN resource security group name, an execution time and an operation option;
S3, after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4, after step S3, if a domain user in the imported table does not exist in the corresponding VPN resource security group, the operation fails; otherwise, all domain users in the table are deleted from the VPN resource security group.
In this method for timed deletion of domain users in an AD domain security group, a plurality of domain users to be deleted and their related information are entered into the table and the table is imported, so that an operator does not need to check every day whether VPN resource security group domain users have been deleted and does not need to delete them one by one.
Further, in step S4, if the imported table contains entries in which the same domain user is repeatedly deleted from the same VPN resource security group, the domain user is deleted at the execution time entered later.
Further, step S3 also includes confirming the domain name of the AD domain in the background, to ensure that the CMD command is executed in the corresponding AD domain.
Further, in step S2, the domain account and the VPN resource security group name that are entered each exist uniquely in the AD domain controller, and the operation option entered is the "delete" option.
Further, in step S2, the execution time entered is date information comprising year, month and day.
Compared with the prior art, the invention has the beneficial effects that:
(1) In the method for adding domain users in batch in an AD domain security group, a plurality of domain users to be added and their related information are entered into a table and the table is imported, so that a plurality of domain users under different organizational structures can be added at the same time without confirming them one by one, which improves working efficiency; in addition, the same domain user being added repeatedly to the same VPN resource security group is avoided.
(2) In the method for timed deletion of domain users in an AD domain security group, a plurality of domain users to be deleted and their related information are entered into the table and the table is imported, so that an operator does not need to check every day whether VPN resource security group domain users have been deleted and does not need to delete them one by one.
Drawings
Fig. 1 is a schematic structural diagram of a method for batch adding and timed deleting domain users in an AD domain security group according to the present invention.
Detailed Description
The present invention will be further described with reference to the following embodiments. Wherein the showings are for the purpose of illustration only and are shown by way of illustration only and not in actual form, and are not to be construed as limiting the present patent; to better illustrate the embodiments of the present invention, some parts of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product; it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it should be understood that if there is an orientation or positional relationship indicated by the terms "upper", "lower", "left", "right", etc. based on the orientation or positional relationship shown in the drawings, it is only for convenience of describing the present invention and simplifying the description, but it is not intended to indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and therefore, the terms describing the positional relationship in the drawings are only used for illustrative purposes and are not to be construed as limiting the present patent, and the specific meaning of the terms may be understood by those skilled in the art according to specific circumstances.
Example 1
Fig. 1 shows an embodiment of a method for adding domain users in batch in an AD domain security group according to the present invention, which includes the following steps:
S1, logging in to a domain control transaction processing tool on a PC (personal computer);
S2, creating an Excel table and entering the information of the domain users to be added into the Excel table, wherein the domain user information comprises a domain account, a VPN resource security group name and an operation option; the operation option entered is the "add" option;
S3, after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4, after step S3, if a domain user in the imported table already exists in the corresponding VPN resource security group, the domain user addition fails; otherwise, all domain users in the table are added to the VPN resource security group.
A plurality of domain users to be added and their related information are entered into the table and the table is imported, so that a plurality of domain users under different organizational structures can be added at the same time without being confirmed one by one, which improves working efficiency; in addition, the same domain user being added repeatedly to the same VPN resource security group is avoided.
In this embodiment, CMD is an abbreviation for command, i.e., the command prompt; the CMD command is the "MS-DOS mode" under OS/2 and Windows-based operating systems. The user may enter the Chinese call file directly at the command prompt.
Specifically, in step S4, if the imported table contains entries in which the same domain user is repeatedly added to the same VPN resource security group, the domain user is added to the VPN resource security group only once.
Specifically, step S3 also includes confirming the domain name of the AD domain in the background, to ensure that the CMD command is executed in the corresponding AD domain.
Specifically, in step S2, the domain account entered exists uniquely in the AD domain, and the VPN resource security group name entered also exists uniquely in the AD domain.
In addition, the domain user information entered may further include an execution time, which is the time at which the add-domain-user command is executed; the execution time is date information comprising year, month and day. That is, when the domain user information entered in the table includes an execution time item, a Windows scheduled task named "task_<domain account>" is generated, whose main purpose is to execute a CMD command at 00:00 on the execution time entered in the table template. The CMD command is: dsquery user -samid <domain account> | dsmod group 'CN=<VPN resource security group>,DC=XXXX' -addmbr. When the same domain user is repeatedly added to the same VPN resource security group, the execution time entered later overrides the execution time entered earlier, that is, the user is added at the execution time entered later. When the domain user information entered has no execution time item, the domain control transaction processing tool by default immediately executes the CMD command that adds the domain users in the table to the VPN resource security group of the corresponding name.
The specific CMD command for adding a domain user is: dsquery user -samid <domain account> | dsmod group "CN=<VPN resource security group>,DC=XXXX" -addmbr, where XXXX in "DC=XXXX" is the known domain name of the domain controller.
Example 2
Fig. 1 shows an embodiment of a method for timed deletion of domain users in an AD domain security group according to the present invention, which includes the following steps:
S1, logging in to a domain control transaction processing tool on a PC (personal computer);
S2, creating an Excel table and entering the information of the domain users to be deleted into the Excel table, wherein the domain user information comprises a domain account, a VPN resource security group name, an execution time and an operation option; the operation option entered is the "delete" option;
S3, after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4, after step S3, if a domain user in the imported table does not exist in the corresponding VPN resource security group, the operation fails; otherwise, all domain users in the table are deleted from the VPN resource security group.
By entering a plurality of domain users to be deleted and their related information into the table and importing it, an operator does not need to check every day whether VPN resource security group domain users have been deleted and does not need to delete them one by one.
Specifically, in step S4, if the imported table contains entries in which the same domain user is repeatedly deleted from the same VPN resource security group, the execution time entered later overrides the execution time entered earlier, that is, the domain user is deleted at the execution time entered later.
Specifically, step S3 also includes confirming the domain name of the AD domain in the background, to ensure that the CMD command is executed in the corresponding AD domain.
Specifically, in step S2, the domain account entered exists uniquely in the AD domain, and the VPN resource security group name entered also exists uniquely in the AD domain.
Specifically, in step S2, the execution time entered is date information comprising year, month and day. The execution time is the time at which the delete-domain-user command is executed.
The specific CMD command for deleting a domain user is: schtasks /create /tn "task_<domain account>" /tr "\"c:\windows\system32\cmd.exe\" /c dsquery user -samid <domain account> | dsmod group 'CN=<VPN resource security group>,DC=XXXX' -rmmbr" /f /sc once /st 00:00 /sd <execution time>, where XXXX in "DC=XXXX" is the known domain name of the domain controller. For the case where the same domain user is repeatedly deleted from the same VPN resource security group, a Windows scheduled task named "task_<domain account>" is generated, whose main purpose is to execute a CMD command at 00:00 on the execution time entered in the table template. The CMD command is: dsquery user -samid <domain account> | dsmod group 'CN=<VPN resource security group>,DC=XXXX' -rmmbr. When the same domain user is repeatedly deleted from the same VPN resource security group, the execution time entered later overrides the execution time entered earlier, that is, the deletion is carried out at the execution time entered later.
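The table-to-command step of Examples 1 and 2, as an added example (not the patent's code or its tool): each row is validated before any value reaches a command line, the duplicate and later-time-wins rules are applied, and the dsquery | dsmod and schtasks lines are emitted without being run. The column names, the character allowlists, the YYYY-MM-DD input format, the yyyy/mm/dd form of /sd (locale-dependent), the \"-escaped DN inside /tr, the requirement that delete rows carry an execution time, and the task name task_<account>_<group> (the description names the task after the account only, so /f would replace a task for another group) are assumptions of this example.

```python
import csv
import io
import re
from datetime import datetime

# Assumed allowlists (not from the patent): word characters, '.', '-' and, for
# groups, spaces. None of these is special to cmd.exe or inside an LDAP DN.
ACCOUNT_RE = re.compile(r"[\w.-]{1,20}")
GROUP_RE = re.compile(r"[\w -]{1,64}")
SWITCH = {"add": "-addmbr", "delete": "-rmmbr"}
CMD_EXE = r"c:\windows\system32\cmd.exe"

# Constructed sample table; the column names are assumptions of this example.
SAMPLE_TABLE = """account,group,operation,execution_time
zhangsan,VPN_Finance,add,
zhangsan,VPN_Finance,add,
lisi,VPN_Ops,delete,2020-01-10
lisi,VPN_Ops,delete,2020-02-01
bad&name,VPN_Ops,add,
zhaoliu,VPN_Ops,delete,
"""


def pipeline(account, group, domain_dn, op, quote='"'):
    """dsquery | dsmod line in the form the description gives."""
    dn = f"CN={group},{domain_dn}"
    return (f"dsquery user -samid {account} | "
            f"dsmod group {quote}{dn}{quote} {SWITCH[op]}")


def scheduled(account, group, domain_dn, op, when):
    """One-shot task at 00:00 on the execution date; /f replaces an older task."""
    inner = pipeline(account, group, domain_dn, op, quote='\\"')
    return (f'schtasks /create /tn "task_{account}_{group}" '
            f'/tr "{CMD_EXE} /c {inner}" /f /sc once /st 00:00 '
            f'/sd {when:%Y/%m/%d}')


def plan(table_csv, domain_dn):
    """Return (commands, rejected) for a table; nothing is executed here."""
    latest, rejected = {}, []
    rows = csv.DictReader(io.StringIO(table_csv))
    for line_no, row in enumerate(rows, start=2):  # line 1 is the header
        account = (row.get("account") or "").strip()
        group = (row.get("group") or "").strip()
        op = (row.get("operation") or "").strip().lower()
        raw_when = (row.get("execution_time") or "").strip()
        if not ACCOUNT_RE.fullmatch(account) or not GROUP_RE.fullmatch(group):
            rejected.append((line_no, "disallowed characters in account or group"))
            continue
        if op not in SWITCH:
            rejected.append((line_no, "operation must be add or delete"))
            continue
        when = None
        if raw_when:
            try:
                when = datetime.strptime(raw_when, "%Y-%m-%d").date()
            except ValueError:
                rejected.append((line_no, "execution time must be YYYY-MM-DD"))
                continue
        elif op == "delete":
            rejected.append((line_no, "delete rows need an execution time"))
            continue
        # A repeated (user, group, operation) keeps only the row entered later.
        latest[(account.lower(), group.lower(), op)] = (account, group, op, when)
    commands = []
    for account, group, op, when in latest.values():
        if when is None:   # no execution time: run the add immediately
            commands.append(pipeline(account, group, domain_dn, op))
        else:              # execution time given: create a scheduled task
            commands.append(scheduled(account, group, domain_dn, op, when))
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = plan(SAMPLE_TABLE, "DC=XXXX")
    print("\n".join(cmds))
    for line_no, reason in bad:
        print(f"line {line_no} rejected: {reason}")
```

Whether a user is already a member (the failure case of step S4) is decided by the directory when the command runs; this planner does not query AD.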
It should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.

Claims (10)

1. A method for adding domain users in batch in an AD domain security group, characterized by comprising the following steps:
S1, logging in to a domain control transaction processing tool on a PC (personal computer);
S2, creating a table and entering the information of the domain users to be added into the table, wherein the domain user information comprises a domain account, a VPN resource security group name and an operation option;
S3, after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4, after step S3, if a domain user in the imported table already exists in the corresponding VPN resource security group, the domain user addition fails; otherwise, all domain users in the table are added to the VPN resource security group.
2. The method of claim 1, wherein in step S4, if the imported table has information that the domain user repeatedly adds the same VPN resource security group, the domain user is added to the VPN resource security group only once.
3. The method for bulk adding domain users in an AD domain security group according to claim 1, further comprising confirming the domain name of the AD domain master in the background in step S3 for ensuring that the CMD command is executed in the corresponding AD domain master.
4. The method for bulk adding domain users in an AD domain security group according to claim 1, wherein in step S2, the input domain account number and VPN resource security group name are all uniquely existed in the AD domain.
5. The method for batch adding domain users in an AD domain security group according to claim 1, wherein in step S2, the input operation option is an "add" option.
6. A method for timed deletion of domain users in an AD domain security group, characterized by comprising the following steps:
S1, logging in to a domain control transaction processing tool on a PC (personal computer);
S2, creating a table and entering the information of the domain users to be deleted into the table, wherein the domain user information comprises a domain account, a VPN resource security group name, an execution time and an operation option;
S3, after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4, after step S3, if a domain user in the imported table does not exist in the corresponding VPN resource security group, the operation fails; otherwise, all domain users in the table are deleted from the VPN resource security group.
7. The method for timed deletion of domain users in an AD domain security group according to claim 6, wherein in step S4, if the imported table contains entries in which the same domain user is repeatedly deleted from the same VPN resource security group, the domain user is deleted at the execution time entered later.
8. The method for timed deletion of domain users in an AD domain security group according to claim 6, wherein in step S3, the method further comprises confirming the domain name of the AD domain master in the background for ensuring that the CMD command is executed in the corresponding AD domain master.
9. The method for timed deletion of domain users in an AD domain security group according to claim 6, wherein in step S2, the input domain account number and VPN resource security group name are all uniquely present in the AD domain, and the input operation option is "delete" option.
10. The method for timed deletion of a domain user in an AD domain security group according to claim 6, wherein in step S2, the input execution time is date information including year, month and day.
CN201911319432.8A 2019-12-19 2019-12-19 Method for batch adding and timed deleting domain users in AD domain security group Pending CN111181935A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911319432.8A CN111181935A (en) 2019-12-19 2019-12-19 Method for batch adding and timed deleting domain users in AD domain security group

Publications (1)

Publication Number Publication Date
CN111181935A (en) 2020-05-19

Family

ID=70657560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911319432.8A Pending CN111181935A (en) 2019-12-19 2019-12-19 Method for batch adding and timed deleting domain users in AD domain security group

Country Status (1)

Country Link
CN (1) CN111181935A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200519