PowerShell edition of "[IDM] Making effective use of the password synchronization feature, Part 3: Retrieving the encrypted password from the unixUserPassword attribute"

?????????????Active Directory ? Unix/Linux ????????????????Windows Server 2008 ????????????????

???????????????????????????????????????????????????????????????ID ??????????????????????? Linux/Unix ???????? AD ????????????????????????????????????????????????

???????3?? Linux/Unix ???????????????????????LDAP ?????????????????????????? PowerShell ????????????????????????????????????


First, prepare an LDAP search against Active Directory.

 $domain = [adsi]"" 
$searcher = New-Object System.DirectoryServices.DirectorySearcher $domain 
$searcher.Filter = '(&(objectClass=User)(sAMAccountName=testuser001))'

This creates an ADSI object ($domain), creates a DirectorySearcher object ($searcher) from it, and sets the LDAP search filter on $searcher. To name the server and domain explicitly, write the following.

 $domain = [adsi]"LDAP://localhost/dc=example1,dc=jp"

The contents of $domain can be inspected as follows. (In the listings below, PS C:\> is the prompt.)

 PS C:\> $domain | format-list *

objectClass                      : {top, domain, domainDNS}
distinguishedName                : {DC=example1,DC=jp}
instanceType                     : {5}
...(omitted)...

Next, run the LDAP search.

 $user = $searcher.FindOne()

The Properties of $user include the unixUserPassword attribute. (When PropertiesToLoad is not set on the DirectorySearcher, all attributes are loaded into Properties.) unixUserPassword is returned as a collection of values, so take element [0].

 PS C:\> $user.Properties.unixuserpassword[0] 
71 
121 
49 
110 
65 
77 
90 
105 
65 
88 
84 
102 
89

PS C:\> $user.Properties.unixuserpassword[0] | Get-Member 

   TypeName: System.Byte[] 

...(omitted)...

The value is a byte array, so convert it to a string using the .NET Framework System.Text namespace.

 $enc = new-object System.Text.UTF8Encoding 
$password = $enc.GetString($user.Properties.unixuserpassword[0])

The encrypted password is then available as a string.

 PS C:\> $password
Gy1nAMZiAXTfY
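
The following is an added example, not code from the original post: an audit helper that applies the same search and decoding steps to every account with unixUserPassword set and reports only the crypt(3) format of each value, never the value itself. The function names are hypothetical, the format labels follow the common crypt(3) prefix conventions, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original post.
# Classify a unixUserPassword value by crypt(3) format without echoing the hash.
function Get-UnixPasswordScheme {
    param([Parameter(Mandatory = $true)][byte[]]$Value)
    # Same decoding step as in the post: the attribute value is a byte array.
    $text = [System.Text.Encoding]::UTF8.GetString($Value)
    switch -Regex -CaseSensitive ($text) {
        '^\$6\$'              { return 'SHA-512 crypt' }
        '^\$5\$'              { return 'SHA-256 crypt' }
        '^\$2[abxy]?\$'       { return 'bcrypt' }
        '^\$1\$'              { return 'MD5 crypt' }
        '^[./0-9A-Za-z]{13}$' { return 'traditional DES crypt' }
        default               { return 'unrecognized format' }
    }
}

# Report every user that has unixUserPassword set (hypothetical helper name).
function Get-UnixPasswordReport {
    param([string]$LdapPath = '')   # '' binds to the current domain, like [adsi]"" in the post
    $searcher = New-Object System.DirectoryServices.DirectorySearcher ([adsi]$LdapPath)
    $searcher.Filter   = '(&(objectClass=user)(unixUserPassword=*))'
    $searcher.PageSize = 500        # page through large result sets
    # Load only the two attributes needed instead of every property.
    $searcher.PropertiesToLoad.AddRange([string[]]('sAMAccountName', 'unixUserPassword'))
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                Account = $r.Properties['samaccountname'][0]
                Scheme  = Get-UnixPasswordScheme -Value $r.Properties['unixuserpassword'][0]
            }
        }
    } finally {
        $results.Dispose()          # SearchResultCollection holds unmanaged resources
    }
}

# Offline check using the byte values printed in the post for testuser001.
[byte[]]$sample = 71,121,49,110,65,77,90,105,65,88,84,102,89
Get-UnixPasswordScheme -Value $sample
```

Get-UnixPasswordReport needs a domain-joined session; the final two lines run without a directory connection.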