Manage Role Based Access Control with Windows PowerShell

You can use this topic to learn how to use IPAM to manage role based access control with Windows PowerShell.

Note

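For the IPAM Windows PowerShell command reference, see the IpamServer cmdlets in Windows PowerShell.

You can use the new Windows PowerShell IPAM commands to retrieve and change the access scopes of DNS and DHCP objects. The following table shows the correct command to use for each IPAM object.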

IPAM Object                Command                            Description
DNS Server                 Get-IpamDnsServer                  This cmdlet returns the DNS server object in IPAM
DNS Zone                   Get-IpamDnsZone                    This cmdlet returns the DNS zone object in IPAM
DNS Resource Record        Get-IpamResourceRecord             This cmdlet returns the DNS resource record object in IPAM
DNS Conditional Forwarder  Get-IpamDnsConditionalForwarder    This cmdlet returns the DNS conditional forwarder object in IPAM
DHCP Server                Get-IpamDhcpServer                 This cmdlet returns the DHCP server object in IPAM
DHCP Superscope            Get-IpamDhcpSuperscope             This cmdlet returns the DHCP superscope object in IPAM
DHCP Scope                 Get-IpamDhcpScope                  This cmdlet returns the DHCP scope object in IPAM

In the following example of command output, the Get-IpamDnsZone cmdlet retrieves the dublin.contoso.com DNS zone.

PS C:\Users\Administrator.CONTOSO> Get-IpamDnsZone -ZoneType Forward -ZoneName dublin.contoso.com

ZoneName             : dublin.contoso.com
ZoneType             : Forward
AccessScopePath      : \Global\Dublin
IsSigned             : False
DynamicUpdateStatus  : None
ScavengeStaleRecords : False

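Setting access scopes on IPAM objects

You can set access scopes on IPAM objects by using the Set-IpamAccessScope command. You can use this command to set the access scope of an object to a specific value, or to have the object inherit its access scope from its parent object. Following are the objects that you can configure with this command.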

  • DHCP Scope
  • DHCP Server
  • DHCP Superscope
  • DNS Conditional Forwarder
  • DNS Resource Record
  • DNS Server
  • DNS Zone
  • IP Address Block
  • IP Address Range
  • IP Address Space
  • IP Address Subnet

Following is the syntax for the Set-IpamAccessScope command.

NAME
    Set-IpamAccessScope

SYNTAX
    Set-IpamAccessScope [-IpamRange] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  [<CommonParameters>]

    Set-IpamAccessScope [-IpamDnsServer] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]
    [<CommonParameters>]

    Set-IpamAccessScope [-IpamDhcpServer] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]
    [<CommonParameters>]

    Set-IpamAccessScope [-IpamDhcpSuperscope] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]
    [<CommonParameters>]

    Set-IpamAccessScope [-IpamDhcpScope] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]
    [<CommonParameters>]

    Set-IpamAccessScope [-IpamDnsConditionalForwarder] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]
    [<CommonParameters>]

    Set-IpamAccessScope [-IpamDnsResourceRecord] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]
    [<CommonParameters>]

    Set-IpamAccessScope [-IpamDnsZone] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]
    [<CommonParameters>]

    Set-IpamAccessScope [-IpamAddressSpace] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]
    [<CommonParameters>]

    Set-IpamAccessScope [-IpamSubnet] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  [<CommonParameters>]

    Set-IpamAccessScope [-IpamBlock] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  [<CommonParameters>]

In the following example, the access scope of the DNS zone dublin.contoso.com is changed from Dublin to Europe.

PS C:\Users\Administrator.CONTOSO> Get-IpamDnsZone -ZoneType Forward -ZoneName dublin.contoso.com

ZoneName             : dublin.contoso.com
ZoneType             : Forward
AccessScopePath      : \Global\Dublin
IsSigned             : False
DynamicUpdateStatus  : None
ScavengeStaleRecords : False

PS C:\Users\Administrator.CONTOSO> $a = Get-IpamDnsZone -ZoneType Forward -ZoneName dublin.contoso.com
PS C:\Users\Administrator.CONTOSO> Set-IpamAccessScope -IpamDnsZone -InputObject $a -AccessScopePath \Global\Europe -PassThru

ZoneName             : dublin.contoso.com
ZoneType             : Forward
AccessScopePath      : \Global\Europe
IsSigned             : False
DynamicUpdateStatus  : None
ScavengeStaleRecords : False
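
Building on the example above, the following added example (not part of the original documentation) wraps the same change in a helper that can be previewed with -WhatIf, re-reads the zone to confirm the new AccessScopePath, and then shows the inheritance form of the command. The function name Move-ZoneAccessScope is hypothetical; the zone and scope names are the ones used on this page.

```powershell
# Added example. Move-ZoneAccessScope is a hypothetical helper name, not an IPAM cmdlet.
# It uses only Get-IpamDnsZone and Set-IpamAccessScope with parameters shown above.
function Move-ZoneAccessScope {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [Parameter(Mandatory)][string]$TargetScope   # for example '\Global\Europe'
    )

    $zone = Get-IpamDnsZone -ZoneType Forward -ZoneName $ZoneName
    if (-not $zone) { throw "Zone '$ZoneName' was not found in IPAM." }

    $before = $zone.AccessScopePath
    if ($before -eq $TargetScope) {
        Write-Verbose "$ZoneName is already in $TargetScope; nothing to change."
        return $zone
    }

    # With -WhatIf, ShouldProcess prints the planned change and returns $false,
    # so the access scope is left untouched.
    if ($PSCmdlet.ShouldProcess($ZoneName, "Change access scope from $before to $TargetScope")) {
        Set-IpamAccessScope -IpamDnsZone -InputObject $zone -AccessScopePath $TargetScope

        # Re-read the object rather than trusting the call: the scope decides
        # which role-scoped administrators can manage this zone.
        $after = Get-IpamDnsZone -ZoneType Forward -ZoneName $ZoneName
        if ($after.AccessScopePath -ne $TargetScope) {
            throw "Scope of $ZoneName is '$($after.AccessScopePath)', expected '$TargetScope'."
        }
        $after | Select-Object ZoneName, AccessScopePath,
            @{ Name = 'PreviousScope'; Expression = { $before } }
    }
}

# 1. Preview only: nothing is modified.
Move-ZoneAccessScope -ZoneName 'dublin.contoso.com' -TargetScope '\Global\Europe' -WhatIf

# 2. Apply and verify.
Move-ZoneAccessScope -ZoneName 'dublin.contoso.com' -TargetScope '\Global\Europe'

# 3. Drop the explicit scope and let the zone inherit from its parent object.
$zone = Get-IpamDnsZone -ZoneType Forward -ZoneName 'dublin.contoso.com'
Set-IpamAccessScope -IpamDnsZone -InputObject $zone -IsInheritedAccessScope -PassThru
```

Keeping the PreviousScope value in the output gives a record of the scope to restore if the change has to be rolled back.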