Active Directory : ユーザーアカウントを追加する (CUI)2019/02/22

	ユーザーアカウントを Active Directory にコマンド操作で新規登録します。
[1]	PowerShell またはコマンドプロンプトを起動して [dsadd user] で操作可能です。

# 現在のユーザーリストを表示
PS C:\Users\Administrator> dsquery user -name * 
"CN=Administrator,CN=Users,DC=srv,DC=world"
"CN=Guest,CN=Users,DC=srv,DC=world"
"CN=Serverworld,CN=Users,DC=srv,DC=world"
"CN=sshd,CN=Users,DC=srv,DC=world"
"CN=krbtgt,CN=Users,DC=srv,DC=world"

# 例として [Redstone] ユーザー追加
PS C:\Users\Administrator> dsadd user CN=Redstone,CN=Users,DC=srv,DC=world `
-pwd P@ssw0rd01 `
-mustchpwd yes `
-ln Redstone `
-fn R5 `
-email Redstone@srv.world `
-display "Redstone R5" 
dsadd succeeded:CN=Redstone,CN=Users,DC=srv,DC=world

PS C:\Users\Administrator> dsquery user -name Redstone 
"CN=Redstone,CN=Users,DC=srv,DC=world"


# [dsadd user] オプション一覧
PS C:\Users\Administrator> dsadd user /? 
Description:  Adds a user to the directory.

Syntax:  dsadd user <UserDN> [-samid <SAMName>] [-upn <UPN>] [-fn <FirstName>]
        [-mi <Initial>] [-ln <LastName>] [-display <DisplayName>]
        [-empid <EmployeeID>] [-pwd {<Password> | *}] [-desc <Description>]
        [-memberof <Group ...>] [-office <Office>] [-tel <Phone#>]
        [-email <Email>] [-hometel <HomePhone#>] [-pager <Pager#>]
        [-mobile <CellPhone#>] [-fax <Fax#>] [-iptel <IPPhone#>]
        [-webpg <WebPage>] [-title <Title>] [-dept <Department>]
        [-company <Company>] [-mgr <Manager>] [-hmdir <HomeDir>]
        [-hmdrv <DriveLtr:>] [-profile <ProfilePath>] [-loscr <ScriptPath>]
        [-mustchpwd {yes | no}] [-canchpwd {yes | no}]
        [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}]
        [-acctexpires <NumDays>] [-disabled {yes | no}]
        [{-s <Server> | -d <Domain>}] [-u <UserName>]
        [-p {<Password> | *}] [-q] [{-uc | -uco | -uci}]
        [-fnp <FirstNamePhonetic>] [-lnp <LastNamePhonetic>]
        [-displayp <DisplayNamePhonetic>]
.....
.....

[2]	ユーザーを削除する場合は [dsrm] コマンドで操作可能です。

# 例として [Redstone] ユーザー削除
PS C:\Users\Administrator> dsrm "CN=Redstone,CN=Users,DC=srv,DC=world" 
Are you sure you wish to delete CN=Redstone,CN=Users,DC=srv,DC=world (Y/N)? y
dsrm succeeded:CN=Redstone,CN=Users,DC=srv,DC=world

[3]	PowerShell で操作する場合は、専用の Cmdlet も使用可能です。

# 現在のユーザーリストを表示
PS C:\Users\Administrator> Get-ADUser -Filter * | Format-Table DistinguishedName 

DistinguishedName
-----------------
CN=Administrator,CN=Users,DC=srv,DC=world
CN=Guest,CN=Users,DC=srv,DC=world
CN=Serverworld,CN=Users,DC=srv,DC=world
CN=sshd,CN=Users,DC=srv,DC=world
CN=krbtgt,CN=Users,DC=srv,DC=world

# 例として [Redstone] ユーザー追加
PS C:\Users\Administrator> New-ADUser Redstone `
-Surname Redstone `
-GivenName R5 `
-DisplayName "Redstone R5" `
-EmailAddress "Redstone@srv.world" `
-AccountPassword (ConvertTo-SecureString -AsPlainText "P@ssw0rd01" -Force) `
-ChangePasswordAtLogon $true `
-Enabled $true 

# 確認
PS C:\Users\Administrator> Get-ADUser -Identity Redstone 

DistinguishedName : CN=Redstone,CN=Users,DC=srv,DC=world
Enabled           : True
GivenName         : R5
Name              : Redstone
ObjectClass       : user
ObjectGUID        : 0c65ad43-9cb2-4808-a2b3-72b731377a8f
SamAccountName    : Redstone
SID               : S-1-5-21-1938244123-2570910143-1886879425-1107
Surname           : Redstone
UserPrincipalName :


# 削除する場合は以下
PS C:\Users\Administrator> Remove-ADUser -Identity "CN=Redstone,CN=Users,DC=srv,DC=world" 

Confirm
Are you sure you want to perform this action?
Performing the operation "Remove" on target "CN=Redstone,CN=Users,DC=srv,DC=world".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y


# [New-ADUser] オプション一覧
PS C:\Users\Administrator> Get-Help New-ADUser 

NAME
    New-ADUser

Description
    Creates a new Active Directory user.

Syntax
    New-ADUser [-Name] <String> [-AccountExpirationDate <DateTime>] [-AccountNotDelegated <Boolean>] [-AccountPassword
    <SecureString>] [-AllowReversiblePasswordEncryption <Boolean>] [-AuthenticationPolicy <ADAuthenticationPolicy>] [-A
    uthenticationPolicySilo <ADAuthenticationPolicySilo>] [-AuthType {Negotiate | Basic}] [-CannotChangePassword <Boole
    an>] [-Certificates <X509Certificate[]>] [-ChangePasswordAtLogon <Boolean>] [-City <String>] [-Company <String>] [-
    CompoundIdentitySupported <Boolean>] [-Country <String>] [-Credential <PSCredential>] [-Department <String>] [-Desc
    ription <String>] [-DisplayName <String>] [-Division <String>] [-EmailAddress <String>] [-EmployeeID <String>] [-Em
    ployeeNumber <String>] [-Enabled <Boolean>] [-Fax <String>] [-GivenName <String>] [-HomeDirectory <String>] [-HomeD
    rive <String>] [-HomePage <String>] [-HomePhone <String>] [-Initials <String>] [-Instance <ADUser>] [-KerberosEncry
    ptionType {None | DES | RC4 | AES128 | AES256}] [-LogonWorkstations <String>] [-Manager <ADUser>] [-MobilePhone <St
    ring>] [-Office <String>] [-OfficePhone <String>] [-Organization <String>] [-OtherAttributes <Hashtable>] [-OtherNa
    me <String>] [-PassThru] [-PasswordNeverExpires <Boolean>] [-PasswordNotRequired <Boolean>] [-Path <String>] [-POBo
    x <String>] [-PostalCode <String>] [-PrincipalsAllowedToDelegateToAccount <ADPrincipal[]>] [-ProfilePath <String>]
    [-SamAccountName <String>] [-ScriptPath <String>] [-Server <String>] [-ServicePrincipalNames <String[]>] [-Smartcar
    dLogonRequired <Boolean>] [-State <String>] [-StreetAddress <String>] [-Surname <String>] [-Title <String>] [-Trust
    edForDelegation <Boolean>] [-Type <String>] [-UserPrincipalName <String>] [-Confirm] [-WhatIf] [<CommonParameters>]

.....
.....

[4]	PowerShell で既存ユーザーに UNIX 属性を追加する場合は [Set-ADUser] コマンドで操作可能です。

# 例として [Redstone] ユーザーに UNIX 属性追加
PS C:\Users\Administrator> Get-ADUser -Identity Redstone 

DistinguishedName : CN=Redstone,CN=Users,DC=srv,DC=world
Enabled           : True
GivenName         : R5
Name              : Redstone
ObjectClass       : user
ObjectGUID        : 62e8a6bd-feec-4700-830b-eafdbf5b8faa
SamAccountName    : Redstone
SID               : S-1-5-21-1938244123-2570910143-1886879425-1121
Surname           : Redstone
UserPrincipalName :

# 最低限必要な属性をハッシュテーブルで指定する
PS C:\Users\Administrator> Set-ADUser -identity "CN=Redstone,CN=Users,DC=srv,DC=world" `
-Add @{uidNumber="5001"; gidNumber="100"; loginShell="/bin/bash"; unixHomeDirectory="/home/Redstone"} 

# 確認
PS C:\Users\Administrator> Get-ADUser -Identity Redstone -Properties * | Out-String -Stream | Select-String "uidNumber","gidNumber","loginShell","unixHomeDirectory" 

gidNumber                            : 100
loginShell                           : /bin/bash
uidNumber                            : 5001
unixHomeDirectory                    : /home/Redstone