01-15-2013 11:55 AM
Looking for a command line or simple script to identify AD users.
We have two kinds of users: local (root and such) and AD integrated users.
I would like to identify AD integrated users if possible to create an automated security report.
awk -F: '{print $1}' /etc/passwd | while read -r uid
do
<Insert command here to determine if it's a local or AD integrated user>
done
Thanks,
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Tags:
- LDAP
01-15-2013 08:11 PM
Re: Looking for a command line or simple script to identify AD users.
>awk '{print $1} /etc/passwd | while read -r uid; do
I'm not sure this will work for LDAP users?
It doesn't work for NIS; you need to use "ypcat passwd" instead.
01-16-2013 05:14 AM
Re: Looking for a command line or simple script to identify AD users.
Well, if the user is listed in /etc/passwd, then I think the user *is* local by definition, although there might be overlapping information in the AD.
The "nsquery" command might be the one you want.
By default, it follows the nsswitch.conf policy, so it will give you the same answers the regular programs will get.
But you can use it to query using a custom lookup policy, e.g. telling the system to look up using AD/LDAP only, or /etc/passwd only:
- If you run "nsquery passwd joeuser ldap" and get an answer, then this user is defined in LDAP (and AD is a special case of LDAP). If you get a return value of 3, there was no Unix username "joeuser" listed in LDAP/AD.
- If you run "nsquery passwd joeuser files" and get an answer, then this user is defined in /etc/passwd. Again, a return value of 3 means the user either is not defined locally or does not exist at all.
- If both of the above commands return an answer, you have both a local *and* an LDAP definition for the user. Hopefully they have identical information...
- Tags:
- nsquery
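The two nsquery lookups described in the last reply, combined into a per-user classification for a report. This is an added example, not code posted by anyone in the thread. The function names are hypothetical, and it assumes nsquery exits 0 when it returns an answer (the reply only states that 3 means not found).

```shell
#!/bin/sh
# Added example (not from the thread): classify account names by the
# source that defines them, using "nsquery passwd <user> <source>".
# Assumptions: exit status 0 = answer returned (assumed), 3 = not found
# in that source (from the reply); any other status is a lookup error.

# in_source USER SOURCE -> 0 found, 1 not found, 2 lookup error
in_source() {
    rc=0
    # stdin is redirected so nsquery cannot consume the caller's name list
    nsquery passwd "$1" "$2" >/dev/null 2>&1 </dev/null || rc=$?
    case $rc in
        0) return 0 ;;
        3) return 1 ;;
        *) return 2 ;;
    esac
}

# classify_user USER -> prints one of: local ldap both none error
classify_user() {
    f=0; in_source "$1" files || f=$?
    l=0; in_source "$1" ldap  || l=$?
    if [ "$f" -eq 2 ] || [ "$l" -eq 2 ]; then
        echo error      # never report a failed lookup as "not in AD"
    elif [ "$f" -eq 0 ] && [ "$l" -eq 0 ]; then
        echo both       # defined twice: compare the two entries by hand
    elif [ "$f" -eq 0 ]; then
        echo local
    elif [ "$l" -eq 0 ]; then
        echo ldap
    else
        echo none
    fi
}

# report: read user names on stdin, print "name<TAB>class" per line
report() {
    while read -r name; do
        [ -n "$name" ] || continue
        printf '%s\t%s\n' "$name" "$(classify_user "$name")"
    done
}

# Usage: awk -F: '{print $1}' /etc/passwd | report
# (/etc/passwd yields local names only; append any other names to check)
```

Names reported as "both" are the ones worth reviewing first in a security report, since the local and directory entries can disagree.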