query session /server:имя_хоста > session.txt
for /f "skip=2 tokens=3," %%i in (session.txt) DO logoff %%i /server:имя_хоста
del session.txtCN=Group,CN=Schema,CN=Configuration,DC=example,DC=com# Только на одном контроллере AD/DNS:
# Создаём зоны видимости (Scope)
Add-DnsServerZoneScope -ZoneName "my.local" -Name "Scope149"
Add-DnsServerZoneScope -ZoneName "my.local" -Name "Scope33"
# Создаём DNS-записи для каждой зоны
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "proxy" -IPv4Address 10.149.0.200 -ZoneScope "Scope149"
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "proxy" -IPv4Address 10.33.0.200 -ZoneScope "Scope33"
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "wsus" -IPv4Address 10.149.0.209 -ZoneScope "Scope149"
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "wsus" -IPv4Address 10.33.0.201 -ZoneScope "Scope33"
# На каждом контроллере:
# Создаём подсети
Add-DnsServerClientSubnet -Name "Subnet149" -IPv4Subnet 10.149.0.0/16
Add-DnsServerClientSubnet -Name "Subnet33" -IPv4Subnet 10.33.0.0/16
Add-DnsServerClientSubnet -Name "SubnetTotal" -IPv4Subnet 10.0.0.0/8
# Создаём политики применения зон видимости для подсетей
Add-DnsServerQueryResolutionPolicy -Name "Policy149" -Action ALLOW -ClientSubnet "eq,Subnet149" -Condition AND -FQDN "eq,proxy.my.local,wsus.my.local" -ZoneScope "Scope149" -ZoneName "my.local"
Add-DnsServerQueryResolutionPolicy -Name "Policy33" -Action ALLOW -ClientSubnet "eq,Subnet33" -Condition AND -FQDN "eq,proxy.my.local,wsus.my.local" -ZoneScope "Scope33" -ZoneName "my.local"
Add-DnsServerQueryResolutionPolicy -Name "PolicyTotal" -Action ALLOW -ClientSubnet "eq,SubnetTotal" -ZoneScope "my.local" -ZoneName "my.local"
# Включаем политики
Enable-DnsServerPolicy -Level Zone -ZoneName "my.local" -Name "Policy149"
Enable-DnsServerPolicy -Level Zone -ZoneName "my.local" -Name "Policy33"
Enable-DnsServerPolicy -Level Zone -ZoneName "my.local" -Name "PolicyTotal"
# Разрешаем Split-Brain DNS
dnscmd /config /globalqueryblocklist isatap# Только на одном контроллере AD/DNS:
# Создаём зоны видимости (Scope)
Add-DnsServerZoneScope -ZoneName "my.local" -Name "Scope149"
Add-DnsServerZoneScope -ZoneName "my.local" -Name "Scope33"
# Создаём DNS-записи для каждой зоны
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "proxy" -IPv4Address 10.149.0.200 -ZoneScope "Scope149"
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "proxy" -IPv4Address 10.33.0.200 -ZoneScope "Scope33"
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "wsus" -IPv4Address 10.149.0.209 -ZoneScope "Scope149"
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "wsus" -IPv4Address 10.33.0.201 -ZoneScope "Scope33"
# На каждом контроллере:
# Создаём подсети
Add-DnsServerClientSubnet -Name "Subnet149" -IPv4Subnet 10.149.0.0/16
Add-DnsServerClientSubnet -Name "Subnet33" -IPv4Subnet 10.33.0.0/16
Add-DnsServerClientSubnet -Name "SubnetTotal" -IPv4Subnet 10.0.0.0/8
# Создаём политики применения зон видимости для подсетей
Add-DnsServerQueryResolutionPolicy -Name "Policy149" -Action ALLOW -ClientSubnet "eq,Subnet149" -Condition AND -FQDN "eq,proxy.my.local,wsus.my.local" -ZoneScope "Scope149" -ZoneName "my.local"
Add-DnsServerQueryResolutionPolicy -Name "Policy33" -Action ALLOW -ClientSubnet "eq,Subnet33" -Condition AND -FQDN "eq,proxy.my.local,wsus.my.local" -ZoneScope "Scope33" -ZoneName "my.local"
Add-DnsServerQueryResolutionPolicy -Name "PolicyTotal" -Action ALLOW -ClientSubnet "eq,SubnetTotal" -ZoneScope "my.local" -ZoneName "my.local"
# Включаем политики
Enable-DnsServerPolicy -Level Zone -ZoneName "my.local" -Name "Policy149"
Enable-DnsServerPolicy -Level Zone -ZoneName "my.local" -Name "Policy33"
Enable-DnsServerPolicy -Level Zone -ZoneName "my.local" -Name "PolicyTotal"
# Разрешаем Split-Brain DNS
dnscmd /config /globalqueryblocklist isatapidmap config NT AUTHORITY : base_rid = 0
idmap config NT AUTHORITY : range = 1200000-1299999
idmap config NT AUTHORITY : backend = rid
idmap config BUILTIN : base_rid = 0
idmap config BUILTIN : range = 1000000-1099999
idmap config BUILTIN : backend = rid
idmap config ваш_домен : base_rid = 100
idmap config ваш_домен : range = 100-999999
idmap config ваш_домен : backend = rid
idmap config ваш_домен : default = yes
idmap config * : range = 1300000-1999999
idmap config * : backend = rid...
idmap config NT AUTHORITY : base_rid = 0
idmap config NT AUTHORITY : range = 1200000-1299999
idmap config NT AUTHORITY : backend = rid
idmap config BUILTIN : base_rid = 0
idmap config BUILTIN : range = 1000000-1099999
idmap config BUILTIN : backend = rid
idmap config REGIONS : base_rid = 100
idmap config REGIONS : range = 100-999999
idmap config REGIONS : backend = rid
idmap config REGIONS : default = yes
idmap config * : range = 1300000-1999999
idmap config * : backend = rid$ldap = ldap_connect($ad_host);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind($ldap, $reader_rdn, $reader_pass);
$res = ldap_search($ldap, $base_dn, "($uid_attrib=".$_REQUEST['uid'].")", array('jpegPhoto'));
$info = ldap_get_entries($ldap, $res);
$photo = $info[0]['jpegphoto'][0];
$img = imagecreatefromstring($photo);
header("Content-type: image/jpeg");
imagejpeg($img,NULL,100);
lsap_close(ldap);