CN111181935A - Method for batch adding and timed deleting domain users in AD domain security group - Google Patents
- Publication number: CN111181935A
- Application number: CN201911319432.8A
- Authority: CN (China)
- Prior art keywords: domain, security group, users, vpn resource, user
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Abstract
The invention relates to the technical field of data management, and in particular to a method for batch adding and timed deleting of domain users in an AD domain security group. The method comprises: logging in to a domain control transaction processing tool; creating a table and entering into it the information of the domain users to be added; and importing the table into the domain control transaction processing tool and executing a CMD command that adds domain users to, or deletes them from, the VPN resource security group. With the invention, multiple users under different security group structures can be added at the same time, which improves working efficiency; manual operation is reduced, and operators do not need to check one by one whether domain users have been deleted, which saves manpower and material resources.
Description
Technical Field
The invention relates to the technical field of data management, and in particular to a method for batch adding and timed deleting of domain users in an AD domain security group.
Background
The AD domain, i.e. Active Directory, is responsible for storing, adding, deleting, modifying and querying the directory database. With AD, all information about an object can be found from the object's name. The main role of a security group in AD domain control is to manage the domain users in that group centrally. If a domain user needs to access a new VPN resource, the existing method is:
S1. configuring the VPN server and entering the password of a dedicated account newly created in the corresponding AD domain controller, so that data such as security groups can be synchronized;
S2. creating a security group in the AD domain controller;
S3. associating the URL resources to be accessed in the VPN server with the security group newly created in the AD domain controller;
S4. adding the domain account of the domain user to the security group newly created in the AD domain controller.
However, this method has the following disadvantages. Only one domain account can be added to the security group at a time, and a second domain account can be added only after the first is confirmed. Under the principle of minimizing domain user permissions, the time during which each domain user can access a VPN resource group should be limited, but no time limit can be set once the domain user has joined a security group in the domain controller, so the domain users in the security group retain permission to access the corresponding VPN resources indefinitely.
Disclosure of Invention
The invention aims to overcome the defect that the addition or deletion of domain users cannot be processed in batch, and provides a method for batch adding and timed deleting of domain users in an AD domain security group. It can add multiple domain users under different security group structures at the same time, which improves working efficiency; manual operation is reduced, and operators do not need to check one by one whether domain users have been deleted, which saves manpower and material resources.
To solve the above technical problem, the invention adopts the following technical solution:
A method for batch adding domain users in an AD domain security group is provided, comprising the following steps:
S1. logging in to a domain control transaction processing tool on a PC;
S2. creating a table and entering into it the information of the domain users to be added, the information comprising the domain account, the VPN resource security group name and the operation option;
S3. after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4. after step S3, if a domain user in the imported table already exists in the corresponding VPN resource security group, the addition of that domain user fails; otherwise, all domain users in the table are added to the VPN resource security group.
In this method for batch adding domain users in an AD domain security group, the multiple domain users to be added and their related information are entered into a table and the table is imported, so that multiple domain users under different organizational structures can be added at the same time without confirming them one by one, which improves working efficiency; in addition, the same domain user is prevented from being added to the same VPN resource security group repeatedly.
Further, in step S4, if the imported table contains repeated entries adding the same domain user to the same VPN resource security group, the domain user is added to the VPN resource security group only once.
Further, step S3 also includes confirming the domain name of the AD domain in the background, to ensure that the CMD command is executed in the corresponding AD domain.
Further, in step S2, the domain account and the VPN resource security group name entered each exist uniquely in the AD domain controller.
Further, in step S2, the operation option entered is the "add" option.
The invention also provides a method for timed deleting of domain users in an AD domain security group, comprising the following steps:
S1. logging in to a domain control transaction processing tool on a PC;
S2. creating a table and entering into it the information of the domain users to be deleted, the information comprising the domain account, the VPN resource security group name, the execution time and the operation option;
S3. after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4. after step S3, if a domain user in the imported table does not exist in the corresponding VPN resource security group, the operation fails; otherwise, all domain users in the table are deleted from the VPN resource security group.
In this method for timed deleting of domain users in an AD domain security group, the multiple domain users to be deleted and their related information are entered into the table and the table is imported, so that an operator does not need to check every day whether domain users of a VPN resource security group have been deleted and does not need to delete them one by one.
Further, in step S4, if the imported table contains repeated entries deleting the same domain user from the same VPN resource security group, the domain user is deleted at the execution time entered later.
Further, step S3 also includes confirming the domain name of the AD domain in the background, to ensure that the CMD command is executed in the corresponding AD domain.
Further, in step S2, the domain account and the VPN resource security group name entered each exist uniquely in the AD domain controller, and the operation option entered is the "delete" option.
Further, in step S2, the execution time entered is date information comprising year, month and day.
Compared with the prior art, the invention has the beneficial effects that:
(1) In the method for batch adding domain users in an AD domain security group, the multiple domain users to be added and their related information are entered into a table and the table is imported, so that multiple domain users under different organizational structures can be added at the same time without confirming them one by one, which improves working efficiency; in addition, the same domain user is prevented from being added to the same VPN resource security group repeatedly.
(2) In the method for timed deleting of domain users in an AD domain security group, the multiple domain users to be deleted and their related information are entered into the table and the table is imported, so that an operator does not need to check every day whether domain users of a VPN resource security group have been deleted and does not need to delete them one by one.
Drawings
Fig. 1 is a schematic structural diagram of a method for batch adding and timed deleting domain users in an AD domain security group according to the present invention.
Detailed Description
The present invention is further described below with reference to the following embodiments. The drawings are for illustration only; they are schematic rather than physical drawings and are not to be construed as limiting this patent. To better illustrate the embodiments of the present invention, some parts of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product. Those skilled in the art will understand that certain well-known structures in the drawings, and their descriptions, may be omitted.
The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it should be understood that if there is an orientation or positional relationship indicated by the terms "upper", "lower", "left", "right", etc. based on the orientation or positional relationship shown in the drawings, it is only for convenience of describing the present invention and simplifying the description, but it is not intended to indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and therefore, the terms describing the positional relationship in the drawings are only used for illustrative purposes and are not to be construed as limiting the present patent, and the specific meaning of the terms may be understood by those skilled in the art according to specific circumstances.
Example 1
Fig. 1 shows an embodiment of the method for batch adding domain users in an AD domain security group according to the present invention, which comprises the following steps:
S1. logging in to a domain control transaction processing tool on a PC;
S2. creating an Excel table and entering into it the information of the domain users to be added, the information comprising the domain account, the VPN resource security group name and the operation option, where the operation option entered is the "add" option;
S3. after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4. after step S3, if a domain user in the imported table already exists in the corresponding VPN resource security group, the addition of that domain user fails; otherwise, all domain users in the table are added to the VPN resource security group.
The multiple domain users to be added and their related information are entered into the table and the table is imported, so that multiple domain users under different organizational structures can be added at the same time without confirming them one by one, which improves working efficiency; in addition, the same domain user is prevented from being added to the same VPN resource security group repeatedly.
In this embodiment, CMD is short for command, i.e. the command prompt, which is the "MS-DOS mode" of OS/2 and Windows-based operating systems. The user may invoke files by entering Chinese directly at the command prompt.
Specifically, in step S4, if the imported table contains repeated entries adding the same domain user to the same VPN resource security group, the domain user is added to the VPN resource security group only once.
Specifically, step S3 also includes confirming the domain name of the AD domain in the background, to ensure that the CMD command is executed in the corresponding AD domain.
Specifically, in step S2, the domain account entered exists uniquely in the AD domain, and the VPN resource security group name entered also exists uniquely in the AD domain.
In addition, the domain user information entered may further include an execution time, which is the time at which the command adding the domain user is executed; the execution time is date information comprising year, month and day. That is, when the domain user information entered in the table includes an execution time item, a Windows scheduled task named "task_<domain account>" is generated, whose main function is to execute a CMD command at 00:00 on the execution date entered in the table template. The CMD command is:
dsquery user -samid <domain account> ^| dsmod group 'CN=<VPN resource security group>,DC=XXXX' -addmbr
When the same domain user is repeatedly added to the same VPN resource security group, the execution time entered later overrides the one entered earlier, i.e. the addition is carried out at the execution time entered later. When the domain user information entered has no execution time item, the domain control transaction processing tool by default immediately executes the CMD command that adds the domain users in the table to the VPN resource security group of the corresponding name.
The specific CMD command for adding a domain user is:
dsquery user -samid <domain account> | dsmod group "CN=<VPN resource security group>,DC=XXXX" -addmbr
where XXXX in "DC=XXXX" is the known domain name of the domain controller.
Example 2
Fig. 1 shows an embodiment of the method for timed deleting of domain users in an AD domain security group according to the present invention, which comprises the following steps:
S1. logging in to a domain control transaction processing tool on a PC;
S2. creating an Excel table and entering into it the information of the domain users to be deleted, the information comprising the domain account, the VPN resource security group name, the execution time and the operation option, where the operation option entered is the "delete" option;
S3. after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4. after step S3, if a domain user in the imported table does not exist in the corresponding VPN resource security group, the operation fails; otherwise, all domain users in the table are deleted from the VPN resource security group.
The multiple domain users to be deleted and their related information are entered into the table and the table is imported, so that an operator does not need to check every day whether domain users of a VPN resource security group have been deleted and does not need to delete them one by one.
Specifically, in step S4, if the imported table contains repeated entries deleting the same domain user from the same VPN resource security group, the execution time entered later overrides the one entered earlier, i.e. the domain user is deleted at the execution time entered later.
Specifically, step S3 also includes confirming the domain name of the AD domain in the background, to ensure that the CMD command is executed in the corresponding AD domain.
Specifically, in step S2, the domain account entered exists uniquely in the AD domain, and the VPN resource security group name entered also exists uniquely in the AD domain.
Specifically, in step S2, the execution time entered is date information comprising year, month and day. The execution time is the time at which the command deleting the domain user is executed.
The specific CMD command for deleting a domain user is:
schtasks /create /tn "task_<domain account>" /tr "\"c:\windows\system32\cmd.exe\" /c dsquery user -samid <domain account> ^| dsmod group 'CN=<VPN resource security group>,DC=XXXX' -rmmbr" /f /sc once /st 00:00 /sd <execution time>
where XXXX in "DC=XXXX" is the known domain name of the domain controller. Where the same domain user is repeatedly deleted from the same VPN resource security group, a Windows scheduled task named "task_<domain account>" is generated, whose main function is to execute a CMD command at 00:00 on the execution date entered in the table template. The CMD command is:
dsquery user -samid <domain account> ^| dsmod group 'CN=<VPN resource security group>,DC=XXXX' -rmmbr
When the same domain user is repeatedly deleted from the same VPN resource security group, the execution time entered later overrides the one entered earlier, i.e. the deletion is carried out at the execution time entered later.
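The table-handling rules of Examples 1 and 2 (repeated rows collapse to one, a later execution time overrides an earlier one, adding an existing member fails, deleting a non-member fails), as an added Python example that is not part of the patent. It only builds the command text in the form given above and executes nothing; `plan`, `build_command`, the CSV column names, the character whitelist, the membership snapshot and the `/sd` date layout are assumptions, and the sample table is constructed.

```python
import csv
import io
import re
from datetime import date

# Constructed sample table (not from the patent).
SAMPLE_TABLE = """account,group,operation,execution_time
alice,VPN-Finance,add,
alice,VPN-Finance,add,
bob,VPN-Finance,delete,2020-01-10
bob,VPN-Finance,delete,2020-02-01
carol,VPN-HR,add,2020-03-05
dave,VPN-HR,delete,2020-03-05
eve&calc,VPN-HR,add,
"""

# Assumption: table values are pasted into a cmd.exe command line, so only
# characters with no meaning to cmd.exe or to a distinguished name are allowed.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")
FLAGS = {"add": "-addmbr", "delete": "-rmmbr"}


def build_command(account, group, operation, when, domain):
    """Return the command text in the form the description gives."""
    flag = FLAGS[operation]
    if when is None:  # no execution time entered: run immediately
        return (f'dsquery user -samid {account} | '
                f'dsmod group "CN={group},DC={domain}" {flag}')
    inner = (f"dsquery user -samid {account} ^| "
             f"dsmod group 'CN={group},DC={domain}' {flag}")
    # Assumption: /sd is written as yyyy/mm/dd; schtasks reads it per locale.
    return (f'schtasks /create /tn "task_{account}" '
            f'/tr "\\"c:\\windows\\system32\\cmd.exe\\" /c {inner}" '
            f'/f /sc once /st 00:00 /sd {when:%Y/%m/%d}')


def plan(table_text, members, domain="XXXX"):
    """Apply steps S2-S4 to a table and return (commands, failures).

    members: {group: set(accounts)}, a snapshot of current group membership.
    """
    merged = {}    # (account, group, operation) -> execution date or None
    failures = []
    rows = csv.DictReader(io.StringIO(table_text))
    for n, row in enumerate(rows, start=2):   # line 1 is the header
        acct, grp = row["account"].strip(), row["group"].strip()
        op = row["operation"].strip().lower()
        raw = row["execution_time"].strip()
        names_ok = SAFE_NAME.fullmatch(acct) and SAFE_NAME.fullmatch(grp)
        if not names_ok or op not in FLAGS:
            failures.append(f"line {n}: rejected, invalid field")
            continue
        try:
            when = date.fromisoformat(raw) if raw else None
        except ValueError:
            failures.append(f"line {n}: rejected, bad date")
            continue
        if op == "delete" and when is None:
            # The deletion table of step S2 always carries an execution time.
            failures.append(f"line {n}: rejected, delete without date")
            continue
        # Repeated rows collapse to one entry; the later row's time wins.
        merged[(acct, grp, op)] = when

    commands = []
    for (acct, grp, op), when in merged.items():
        present = acct in members.get(grp, set())
        if op == "add" and present:
            failures.append(f"{acct}: add failed, already in {grp}")
        elif op == "delete" and not present:
            failures.append(f"{acct}: delete failed, not in {grp}")
        else:
            commands.append(build_command(acct, grp, op, when, domain))
    return commands, failures


if __name__ == "__main__":
    snapshot = {"VPN-Finance": {"bob"}, "VPN-HR": {"carol"}}
    cmds, fails = plan(SAMPLE_TABLE, snapshot)
    print("\n".join(cmds + fails))
```

Because the task name in the text is keyed on the domain account alone and `/f` replaces an existing task, scheduled rows for one account in two different groups would replace each other; the example keeps the naming as the text gives it.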
It should be understood that the above embodiments are merely examples given to illustrate the present invention clearly and do not limit its embodiments. Other variations and modifications in different forms will be apparent to those skilled in the art in light of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Any modification, equivalent replacement or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the claims of the present invention.
Claims (10)
1. A method for batch adding domain users in an AD domain security group, characterized by comprising the following steps:
S1. logging in to a domain control transaction processing tool on a PC;
S2. creating a table and entering into it the information of the domain users to be added, the information comprising the domain account, the VPN resource security group name and the operation option;
S3. after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4. after step S3, if a domain user in the imported table already exists in the corresponding VPN resource security group, the addition of that domain user fails; otherwise, all domain users in the table are added to the VPN resource security group.
2. The method of claim 1, wherein in step S4, if the imported table contains repeated entries adding the same domain user to the same VPN resource security group, the domain user is added to the VPN resource security group only once.
3. The method for batch adding domain users in an AD domain security group according to claim 1, wherein step S3 further comprises confirming the domain name of the AD domain master in the background, to ensure that the CMD command is executed in the corresponding AD domain master.
4. The method for batch adding domain users in an AD domain security group according to claim 1, wherein in step S2, the domain account and the VPN resource security group name entered each exist uniquely in the AD domain.
5. The method for batch adding domain users in an AD domain security group according to claim 1, wherein in step S2, the operation option entered is the "add" option.
6. A method for timed deleting of domain users in an AD domain security group, characterized by comprising the following steps:
S1. logging in to a domain control transaction processing tool on a PC;
S2. creating a table and entering into it the information of the domain users to be deleted, the information comprising the domain account, the VPN resource security group name, the execution time and the operation option;
S3. after step S2, importing the table into the domain control transaction processing tool and executing a CMD command;
S4. after step S3, if a domain user in the imported table does not exist in the corresponding VPN resource security group, the operation fails; otherwise, all domain users in the table are deleted from the VPN resource security group.
7. The method for timed deleting of domain users in an AD domain security group according to claim 6, wherein in step S4, if the imported table contains repeated entries deleting the same domain user from the same VPN resource security group, the domain user is deleted at the execution time entered later.
8. The method for timed deleting of domain users in an AD domain security group according to claim 6, wherein step S3 further comprises confirming the domain name of the AD domain master in the background, to ensure that the CMD command is executed in the corresponding AD domain master.
9. The method for timed deleting of domain users in an AD domain security group according to claim 6, wherein in step S2, the domain account and the VPN resource security group name entered each exist uniquely in the AD domain, and the operation option entered is the "delete" option.
10. The method for timed deleting of domain users in an AD domain security group according to claim 6, wherein in step S2, the execution time entered is date information comprising year, month and day.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911319432.8A CN111181935A (en) | 2019-12-19 | 2019-12-19 | Method for batch adding and timed deleting domain users in AD domain security group |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111181935A (en) | 2020-05-19 |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200519 |