Looking for a command line or simple script to identify AD users.
Exalted Contributor
Steven E. Protter
Posts: 33,806
Registered: ‎08-15-2002
Message 1 of 3 (116 Views)

Looking for a command line or simple script to identify AD users.

We have two kinds of users: local (root and such) and AD-integrated users.


I would like to identify the AD-integrated users, if possible, to create an automated security report.


# /etc/passwd fields are colon-separated, so tell awk so (-F:) and close the
# quote around the program; "uid" here holds the login name, not the numeric ID.
awk -F: '{print $1}' /etc/passwd | while read -r uid
do
    <Insert command here to determine if it's a local or AD integrated user>
done


Thanks,


SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Please use plain text.
Acclaimed Contributor
Dennis Handly
Posts: 24,698
Registered: ‎03-06-2006
Message 2 of 3 (105 Views)

Re: Looking for a command line or simple script to identify AD users.

>awk '{print $1} /etc/passwd | while read -r uid; do


I'm not sure this will work for LDAP users?

It doesn't work for NIS, you need to use "ypcat passwd" instead.

Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 3 of 3 (100 Views)

Re: Looking for a command line or simple script to identify AD users.

Well, if the user is listed in /etc/passwd, then I think the user *is* local by definition, although there might be overlapping information in the AD.


The "nsquery" command might be the one you want.
By default, it follows the nsswitch.conf policy, so it will give you the same answers the regular programs will get.

But you can use it to query using a custom lookup policy, e.g. telling the system to look up using AD/LDAP only, or /etc/passwd only:


  • If you run "nsquery passwd joeuser ldap" and get an answer, then this user is defined in LDAP (and AD is a special case of LDAP). If you get a return value of 3, there was no Unix username "joeuser" listed in LDAP/AD.
  • If you run "nsquery passwd joeuser files" and get an answer, then this user is defined in /etc/passwd. Again, a return value of 3 means the user either is not defined locally or does not exist at all.
  • If both of the above commands return an answer, you have both a local *and* an LDAP definition for the user. Hopefully they have identical information...
MK
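The nsquery approach from the reply above, turned into the loop the original post asked for. This is an added example, not code from the thread or from HP. It assumes the exit-status convention the reply describes (0 when the named source returned an entry, 3 when that source answered "no such user"); any other status is treated as a lookup error rather than as an answer, so an unreachable directory never makes an AD account look like a local one in the report. The account list is taken from the command-line arguments, or from /etc/passwd when there are none; as the replies point out, /etc/passwd only ever yields local-only and overlapping accounts, so directory-only accounts have to be supplied by name.

```shell
#!/bin/sh
# Added example (not from the thread): classify each account as local-only,
# directory-only (LDAP/AD), defined in both places, or undetermined, by asking
# nsquery(1) each source explicitly instead of following nsswitch.conf.
#
# Assumptions (not stated on the page):
#   - nsquery exits 0 when the named source returned an entry and 3 when the
#     source answered "no such user" (as the reply above states). Any other
#     status is reported as "error", never as "not found".
#   - Names come from the arguments, or from /etc/passwd when none are given.
#     /etc/passwd can only show local and overlapping accounts; directory-only
#     accounts must be passed in by name.

# classify_rc LDAP_RC FILES_RC -> prints one of: local, ldap, both, unknown, error
classify_rc() {
    ldap_rc=$1
    files_rc=$2
    # Anything other than 0 or 3 from either source is a lookup failure
    # (directory down, bad policy name, ...), not evidence about the account.
    for rc in "$ldap_rc" "$files_rc"; do
        case "$rc" in
            0|3) ;;
            *) echo error; return 0 ;;
        esac
    done
    if [ "$ldap_rc" -eq 0 ] && [ "$files_rc" -eq 0 ]; then
        echo both        # defined in /etc/passwd and in LDAP/AD: check they agree
    elif [ "$ldap_rc" -eq 0 ]; then
        echo ldap        # AD/LDAP-integrated account, no local entry
    elif [ "$files_rc" -eq 0 ]; then
        echo local       # local-only account (root and such)
    else
        echo unknown     # neither source knows the name
    fi
}

# classify_user NAME -> "NAME<TAB>class", querying each source with its own policy
classify_user() {
    name=$1
    nsquery passwd "$name" ldap  >/dev/null 2>&1; ldap_rc=$?
    nsquery passwd "$name" files >/dev/null 2>&1; files_rc=$?
    printf '%s\t%s\n' "$name" "$(classify_rc "$ldap_rc" "$files_rc")"
}

# report [NAME...] -> one line per account
report() {
    if [ $# -gt 0 ]; then
        for n in "$@"; do classify_user "$n"; done
    else
        # -F: because passwd fields are colon-separated; the GECOS field may
        # contain spaces, so default whitespace splitting would be wrong.
        awk -F: '{ print $1 }' /etc/passwd | while read -r n; do
            classify_user "$n"
        done
    fi
}

# Stand-alone entry point: only produce the report where nsquery exists, so the
# functions above can also be sourced and tested on a non-HP-UX box.
if command -v nsquery >/dev/null 2>&1; then
    report "$@"
else
    echo "nsquery not found: functions defined, no report produced" >&2
fi
```

Run it as "sh classify_users.sh" for every name in /etc/passwd, or "sh classify_users.sh joeuser otheruser" for a list of names pulled from the directory side. Lines marked "error" deserve attention before the report is trusted: they mean a source could not be queried, and an automated report that silently turned those into "local" would understate the AD-integrated population.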
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation