¼³¸í ¹× Active Directory AdminSDHolder °³Ã¼ ¾÷µ¥ÀÌÆ®

±â¼ú ÀÚ·á: 232199 - ÀÌ ¹®¼­°¡ Àû¿ëµÇ´Â Á¦Ç° º¸±â.
±â°è ¹ø¿ªµÈ ¹®¼­±â°è ¹ø¿ª °íÁö »çÇ× º¸±â
¸ðµÎ È®´ë | ¸ðµÎ Ãà¼Ò

¿ä¾à

ÀÌ ¹®¼­¿¡ ³ª¿Í ÀÖ´Â Á¤º¸´Â °æ¿ì¿¡¸¸ Windows 2000 RC2 (¶Ç´Â ÀÌÀü ºôµå¸¦) Windows 2000 ¸±¸®½º ¹öÀüÀ¸·Î ¾÷±×·¹À̵åÇÏ´Â µ¥ Àû¿ëµË´Ï´Ù. º¯°æ ¾×¼¼½º Á¦¾î ¸ñ·Ï¿¡ AdminSDHolder Active Directory °³Ã¼ (ACL) ¿¡¼­ Windows 2000 RC3 Çß½À´Ï´Ù. ÀÌ °³Ã¼´Â ±âº» Á¦°ø °ü¸®ÀÚ ¶Ç´Â µµ¸ÞÀÎ °ü¸®ÀÚ ±×·ìÀÇ ±¸¼º¿øÀÎ »ç¿ëÀÚ °èÁ¤ÀÇ »ç¿ë ±ÇÇÑÀ» Á¦¾îÇÏ´Â µ¥ »ç¿ëµË´Ï´Ù.

ACL ´ÙÀ½ °³Ã¼¿¡ ´ëÇØ °ü¸® ±×·ì¿¡ ¸Å½Ã°£, Windows 2000 µµ¸ÞÀÎ ÄÁÆ®·Ñ·¯°¡ ÁÖ µµ¸ÞÀÎ ÄÁÆ®·Ñ·¯ (PDC) FSMO (½ÅÃà ´ÜÀÏ ¸¶½ºÅÍ ÀÛ¾÷) ¿ªÇÒ ¸ðµç º¸¾È ÁÖü (»ç¿ëÀÚ, ±×·ì ¹× ÄÄÇ»ÅÍ °èÁ¤) ÇöÀç ÇØ´ç µµ¸ÞÀο¡ ´ëÇÑ Active Directory ¹× ÀÖ´Â ACLÀ» ºñ±³ÇÏ´Â º¸À¯ÇÏ´Â °°½À´Ï´Ù.
CN AdminSDHolder CN = ½Ã½ºÅÛ, DC = MyDomain, DC = Com =

¹Ù²Ù±â "DC MyDomain, DC = Com =" µµ¸ÞÀÎÀÇ °íÀ¯ À̸§ (DN)ÀÌ ÀÌ °æ·Î¿¡ ÀÖ´Â.
ACL ´Ù¸¥ °æ¿ì ACL »ó¼Ó ÇØÁ¦ Æ÷ÇÔÇÑ AdminSDHolder °³Ã¼ÀÇ º¸¾È ¼³Á¤À» ¹Ý¿µÇϵµ·Ï »ç¿ëÀÚ °³Ã¼¿¡ ´ëÇÑ ACLÀÌ µ¤¾î¾¹´Ï´Ù. ÀÌ·¯ÇÑ °ü¸® °èÁ¤À» ±ÇÇÑÀÌ ¾ø´Â »ç¿ëÀÚ°¡ °èÁ¤ ÄÁÅ×À̳ʷΠÀ̵¿Çϰųª »ç¿ëÀÚ°¡ ¿Ô½À´Ï´Ù Á¶Á÷ ±¸¼º ´ÜÀ§¿¡ »ç¿ëÀÚ °èÁ¤ ¼öÁ¤ÇÒ °ü¸® ±ÇÇÑÀ» À§ÀÓÇÒ °æ¿ì ¼öÁ¤µÇ´Â µ¥ÀÌÅ͸¦ º¸È£ÇÕ´Ï´Ù. Âü°í »ç¿ëÀÚ°¡ °ü¸® ±×·ì¿¡¼­ Á¦°ÅµÇ´Â °æ¿ì¿¡´Â ÀÌ·¯ÇÑ ÇÁ·Î¼¼½º¸¦ ¹Ý´ë·Î ¼öÇàµÇÁö ¾ÊÀ¸¹Ç·Î ¼öµ¿À¸·Î º¯°æÇØ¾ß ÇÕ´Ï´Ù.

Âü°í: Windows 2000 ¸±¸®½ºµÈ ¹öÀüÀÇ Microsoft Windows NT 4.0 ¾÷±×·¹À̵å ÁßÀÎ °æ¿ì ´ÙÀ½ ÀýÂ÷¸¦ »ç¿ëÇÏ¿© ÇÊ¿äÇÏÁö ¾Ê½À´Ï´Ù.

Ãß°¡ Á¤º¸

ÀÌ »óȲÀ» ÇØ°áÇÏ·Á¸é µµ¸ÞÀÎ ´ç ÇÑ µµ¸ÞÀÎ ÄÁÆ®·Ñ·¯¿¡¼­ ´ÙÀ½ ÀÌ ÀýÂ÷¸¦ µû¸¨´Ï´Ù.
  1. Windows 2000 Professional ¶Ç´Â Server CD-ROM Windows 2000 Áö¿ø µµ±¸¸¦ ¼³Ä¡ÇϽʽÿÀ. ÀÌ·¯ÇÑ µµ±¸¸¦ »ç¿ëÇÏ¿© º¸°í, ¼öÁ¤ ¶Ç´Â Active Directory °³Ã¼¿¡ ´ëÇÑ ¾×¼¼½º Á¦¾î Ç׸ñÀ» Á¦°ÅÇÒ ¼ö Dsacls.exe ¸í¸íµÈ À¯Æ¿¸®Æ¼°¡ Æ÷ÇԵ˴ϴÙ.
  2. ¹èÄ¡ ÆÄÀÏÀ» ¸¸µç ´ÙÀ½ ÅؽºÆ®·Î ¹Ù²Ù±â "DC MyDomain, DC = Com =" µµ¸ÞÀÎÀÇ °íÀ¯ À̸§ (DN) ÇÔ²²):
    dsacls "cn adminsdholder cn = ½Ã½ºÅÛ, = dc = mydomain, dc = com"/G "\Everyone:CA;Change ¾ÏÈ£"
    dsacls "cn adminsdholder cn = ½Ã½ºÅÛ, = dc = mydomain, dc ="/G"com RP: \Pre-Windows 2000 ȣȯ ¾×¼¼½º; ¿ø°Ý ¾×¼¼½º Á¤º¸"
    dsacls "cn adminsdholder cn = ½Ã½ºÅÛ, = dc = mydomain, dc com"/G"= \Pre-Windows 2000 ȣȯ ¾×¼¼½º: RP; ÀÏ¹Ý Á¤º¸"
    dsacls "cn adminsdholder cn = ½Ã½ºÅÛ, = dc mydomain, = dc = com"/G"RP: \Pre-Windows 2000 ȣȯ ¾×¼¼½º, ±×·ì ±¸¼º¿ø"
    dsacls "cn adminsdholder cn = ½Ã½ºÅÛ, = dc = mydomain, dc ="/G"com RP: \Pre-Windows 2000 ȣȯ ¾×¼¼½º, ·Î±×¿Â Á¤º¸"
    dsacls "cn adminsdholder cn = ½Ã½ºÅÛ, = dc = mydomain, dc com"/G"= \Pre-Windows 2000 ȣȯ ¾×¼¼½º: RP; °èÁ¤ Á¦ÇÑ"
  3. µµ¸ÞÀÎ ÄÁÆ®·Ñ·¯ÀÇ ¹èÄ¡ ÆÄÀÏÀ» ½ÇÇàÇϽʽÿÀ. ¸ðµç »ç¶÷ ¹× Pre-Windows 2000 ȣȯ ¾×¼¼½º ±×·ì¿¡ ´ëÇØ ÁöÁ¤µÈ ¾×¼¼½º Á¦¾î Ç׸ñ (ACE) Ãß°¡ÇÕ´Ï´Ù.
  4. ¸í·É ÇÁ·ÒÇÁÆ®¿¡¼­ dsacls cn adminsdholder cn = ½Ã½ºÅÛ, = dc = mydomain, dc com =, ´ëü "DC MyDomain, DC = Com =" µµ¸ÞÀÎÀÇ °íÀ¯ À̸§ (DN) ÇÔ²²). ´ÙÀ½ Ãâ·Â ºñ±³: 
    Access list:
{This object is protected from inheriting permissions from the parent}
Effective Permissions on this object are:
Allow NT AUTHORITY\Authenticated Users            SPECIAL ACCESS
                                                  READ PERMISSONS
                                                  LIST CONTENTS
                                                  READ PROPERTY
                                                  LIST OBJECT
Allow BUILTIN\Administrators                      SPECIAL ACCESS
                                                  DELETE
                                                  READ PERMISSONS
                                                  WRITE PERMISSIONS
                                                  CHANGE OWNERSHIP
                                                  CREATE CHILD
                                                  DELETE CHILD
                                                  LIST CONTENTS
                                                  WRITE SELF
                                                  WRITE PROPERTY
                                                  READ PROPERTY
                                                  LIST OBJECT
                                                  CONTROL ACCESS
Allow IFRPILOT\Enterprise Admins                  SPECIAL ACCESS
                                                  READ PERMISSONS
                                                  WRITE PERMISSIONS
                                                  CHANGE OWNERSHIP
                                                  CREATE CHILD
                                                  DELETE CHILD
                                                  LIST CONTENTS
                                                  WRITE SELF
                                                  WRITE PROPERTY
                                                  READ PROPERTY
                                                  LIST OBJECT
                                                  CONTROL ACCESS
Allow FAA\Domain Admins                           SPECIAL ACCESS
                                                  READ PERMISSONS
                                                  WRITE PERMISSIONS
                                                  CHANGE OWNERSHIP
                                                  CREATE CHILD
                                                  DELETE CHILD
                                                  LIST CONTENTS
                                                  WRITE SELF
                                                  WRITE PROPERTY
                                                  READ PROPERTY
                                                  LIST OBJECT
                                                  CONTROL ACCESS
Allow NT AUTHORITY\SYSTEM                         FULL CONTROL
Allow BUILTIN\Pre-Windows 2000 Compatible Access  SPECIAL ACCESS
                                                  READ PERMISSONS
                                                  LIST CONTENTS
                                                  READ PROPERTY
                                                  LIST OBJECT
Allow BUILTIN\Pre-Windows 2000 Compatible Access  SPECIAL ACCESS for Remote Access Information
                                                  READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access  SPECIAL ACCESS for General Information
                                                  READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access  SPECIAL ACCESS for Group Membership
                                                  READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access  SPECIAL ACCESS for Account Restrictions
                                                  READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access  SPECIAL ACCESS for Logon Information
                                                  READ PROPERTY
Allow Everyone                                    Change Password

¼Ó¼º

±â¼ú ÀÚ·á: 232199 - ¸¶Áö¸· °ËÅä: 2007³â 2¿ù 23ÀÏ ±Ý¿äÀÏ - ¼öÁ¤: 3.3
º» ¹®¼­ÀÇ Á¤º¸´Â ´ÙÀ½ÀÇ Á¦Ç°¿¡ Àû¿ëµË´Ï´Ù.
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Å°¿öµå:?
kbmt kbenv kbinfo KB232199 KbMtko
±â°è ¹ø¿ªµÈ ¹®¼­
Áß¿ä: º» ¹®¼­´Â Àü¹® ¹ø¿ª°¡°¡ ¹ø¿ªÇÑ °ÍÀÌ ¾Æ´Ï¶ó Microsoft ±â°è ¹ø¿ª ¼ÒÇÁÆ®¿þ¾î·Î ¹ø¿ªÇÑ °ÍÀÔ´Ï´Ù. Microsoft´Â ¹ø¿ª°¡°¡ ¹ø¿ªÇÑ ¹®¼­ ¹× ±â°è ¹ø¿ªµÈ ¹®¼­¸¦ ¸ðµÎ Á¦°øÇϹǷΠMicrosoft ±â¼ú ÀÚ·á¿¡ ÀÖ´Â ¸ðµç ¹®¼­¸¦ Çѱ۷ΠÁ¢ÇÒ ¼ö ÀÖ½À´Ï´Ù. ±×·¯³ª ±â°è ¹ø¿ª ¹®¼­°¡ Ç×»ó ¿Ïº®ÇÑ °ÍÀº ¾Æ´Õ´Ï´Ù. µû¶ó¼­ ±â°è ¹ø¿ª ¹®¼­¿¡´Â ¸¶Ä¡ ¿Ü±¹ÀÎÀÌ Çѱ¹¾î·Î ¸»ÇÒ ¶§ ½Ç¼ö¸¦ ÇÏ´Â °Íó·³ ¾îÈÖ, ±¸¹® ¶Ç´Â ¹®¹ý¿¡ ¿À·ù°¡ ÀÖÀ» ¼ö ÀÖ½À´Ï´Ù. Microsoft´Â ³»¿ë»óÀÇ ¿À¿ª ¶Ç´Â Microsoft °í°´ÀÌ ÀÌ·¯ÇÑ ¿À¿ªÀ» »ç¿ëÇÔÀ¸·Î½á ¹ß»ýÇÏ´Â ºÎ Á¤È®¼º, ¿À·ù ¶Ç´Â ¼ÕÇØ¿¡ ´ëÇØ Ã¥ÀÓÀ» ÁöÁö ¾Ê½À´Ï´Ù. Microsoft´Â ÀÌ·¯ÇÑ ¹®Á¦¸¦ ÇØ°áÇϱâ À§ÇØ ±â°è ¹ø¿ª ¼ÒÇÁÆ®¿þ¾î¸¦ ÀÚÁÖ ¾÷µ¥ÀÌÆ®ÇÏ°í ÀÖ½À´Ï´Ù.
ÀÌ ¹®¼­ÀÇ ¿µ¹® ¹öÀü º¸±â.
À§·Î °¡±â | Çǵå¹é º¸³»±â

Çǵå¹é º¸³»±â

 
À§·Î °¡±âÀ§·Î °¡±â