管理角色為基礎存取控制使用 Windows PowerShellManage Role Based Access Control with Windows PowerShell

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

您可以使用本主題以了解如何使用 IPAM 管理 Windows PowerShell 中的角色為基礎存取控制。You can use this topic to learn how to use IPAM to manage role based access control with Windows PowerShell.

注意

針對 IPAM Windows PowerShell 命令參考資料,請查看Windows PowerShell 中的 IP 位址管理 (IPAM) 伺服器 CmdletFor the IPAM Windows PowerShell command reference, see IP Address Management (IPAM) Server Cmdlets in Windows PowerShell.

新的 Windows PowerShell IPAM 命令為您提供擷取和變更的 DNS 與 DHCP 物件存取範圍的功能。The new Windows PowerShell IPAM commands provide you with the ability to retrieve and change the access scopes of DNS and DHCP objects. 下表顯示使用每個 IPAM 物件正確的命令。The following table illustrates the correct command to use for each IPAM object.

IPAM 物件IPAM Object 命令Command 描述Description
DNS 伺服器DNS Server 取得-IpamDnsServerGet-IpamDnsServer 這個 cmdlet 傳回 IPAM DNS 伺服器物件This cmdlet returns the DNS server object in IPAM
DNS 區域DNS Zone 取得-IpamDnsZoneGet-IpamDnsZone 這個 cmdlet 傳回 IPAM DNS 區物件This cmdlet returns the DNS zone object in IPAM
DNS 資源記錄DNS Resource Record 取得-IpamResourceRecordGet-IpamResourceRecord 這個 cmdlet 傳回 IPAM DNS 資源記錄物件This cmdlet returns the DNS resource record object in IPAM
DNS 條件轉寄DNS Conditional Forwarder 取得-IpamDnsConditionalForwarderGet-IpamDnsConditionalForwarder 這個 cmdlet 傳回 IPAM DNS 條件轉寄物件This cmdlet returns the DNS conditional forwarder object in IPAM
DHCP 伺服器DHCP Server 取得-IpamDhcpServerGet-IpamDhcpServer 這個 cmdlet 傳回 IPAM DHCP 伺服器物件This cmdlet returns the DHCP server object in IPAM
DHCP 超級DHCP Superscope 取得-IpamDhcpSuperscopeGet-IpamDhcpSuperscope 這個 cmdlet 傳回 IPAM DHCP 超級物件This cmdlet returns the DHCP superscope object in IPAM
DHCP 領域DHCP Scope 取得-IpamDhcpScopeGet-IpamDhcpScope 這個 cmdlet 傳回 IPAM DHCP 範圍物件This cmdlet returns the DHCP scope object in IPAM

下列範例命令的輸出, Get-IpamDnsZone cmdlet 擷取dublin.contoso.com DNS 區域。In the following example of command output, the Get-IpamDnsZone cmdlet retrieves the dublin.contoso.com DNS zone. 

PS C:\Users\Administrator.CONTOSO> Get-IpamDnsZone -ZoneType Forward -ZoneName dublin.contoso.com  

ZoneName             : dublin.contoso.com  
ZoneType             : Forward  
AccessScopePath      : \Global\Dublin  
IsSigned             : False  
DynamicUpdateStatus  : None  
ScavengeStaleRecords : False

設定存取範圍 IPAM 物件Setting Access Scopes on IPAM Objects

您可以設定存取範圍 IPAM 物件使用Set-IpamAccessScope命令。You can set access scopes on IPAM objects by using the Set-IpamAccessScope command. 您可以使用此命令存取範圍設特定物件的值,或讓繼承家長物件範圍存取物件。You can use this command to set the access scope to a specific value for an object or to cause the objects to inherit access scope from parent objects. 以下是您可以設定此命令的物件。Following are the objects that you can configure with this command.

  • DHCP 領域DHCP Scope

  • DHCP 伺服器DHCP Server

  • DHCP 超級DHCP Superscope

  • DNS 條件轉寄DNS Conditional Forwarder

  • DNS 資源記錄DNS Resource Records

  • DNS 伺服器DNS Server

  • DNS 區域DNS Zone

  • IP 位址封鎖IP Address Block

  • IP 位址IP Address Range

  • IP 位址空間IP Address Space

  • IP 位址子網路IP Address Subnet

下列是語法Set-IpamAccessScope命令。Following is the syntax for the Set-IpamAccessScope command. 

NAME  
    Set-IpamAccessScope  

SYNTAX  
    Set-IpamAccessScope [-IpamRange] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  [<CommonParameters>]  

    Set-IpamAccessScope [-IpamDnsServer] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  
    [<CommonParameters>]  

    Set-IpamAccessScope [-IpamDhcpServer] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  
    [<CommonParameters>]  

    Set-IpamAccessScope [-IpamDhcpSuperscope] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  
    [<CommonParameters>]  

    Set-IpamAccessScope [-IpamDhcpScope] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  
    [<CommonParameters>]  

    Set-IpamAccessScope [-IpamDnsConditionalForwarder] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  
    [<CommonParameters>]  

    Set-IpamAccessScope [-IpamDnsResourceRecord] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  
    [<CommonParameters>]  

    Set-IpamAccessScope [-IpamDnsZone] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  
    [<CommonParameters>]  

    Set-IpamAccessScope [-IpamAddressSpace] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  
    [<CommonParameters>]  

    Set-IpamAccessScope [-IpamSubnet] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  [<CommonParameters>]  

    Set-IpamAccessScope [-IpamBlock] -InputObject <ciminstance[]> [-AccessScopePath <string>] [-IsInheritedAccessScope] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [-WhatIf] [-Confirm]  [<CommonParameters>]

下例 DNS 區域存取範圍在dublin.contoso.com變更的都柏林歐洲In the following example, the access scope of the DNS zone dublin.contoso.com is changed from Dublin to Europe. 

PS C:\Users\Administrator.CONTOSO> Get-IpamDnsZone -ZoneType Forward -ZoneName dublin.contoso.com  

ZoneName             : dublin.contoso.com  
ZoneType             : Forward  
AccessScopePath      : \Global\Dublin  
IsSigned             : False  
DynamicUpdateStatus  : None  
ScavengeStaleRecords : False  

PS C:\Users\Administrator.CONTOSO> $a = Get-IpamDnsZone -ZoneType Forward -ZoneName dublin.contoso.com  
PS C:\Users\Administrator.CONTOSO> Set-IpamAccessScope -IpamDnsZone -InputObject $a -AccessScopePath \Global\Europe -PassThru  

ZoneName             : dublin.contoso.com  
ZoneType             : Forward  
AccessScopePath      : \Global\Europe  
IsSigned             : False  
DynamicUpdateStatus  : None  
ScavengeStaleRecords : False