Operating System - HP-UX

Looking for a command line or simple script to identify AD users.

 
Steven E. Protter
Exalted Contributor

We have two kinds of users. local (root, and such) and AD integrated users.

 

I would like to identify AD integrated users if possible to create an automated security report.

 

awk -F: '{print $1}' /etc/passwd | while read -r uid
do
    # <Insert command here to determine if its a local or AD integrated user>
done

 

Thanks,

 

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Dennis Handly
Acclaimed Contributor

Re: Looking for a command line or simple script to identify AD users.

>awk '{print $1} /etc/passwd | while read -r uid; do

 

I'm not sure this will work for LDAP users?

It doesn't work for NIS, you need to use "ypcat passwd" instead.

Matti_Kurkela
Honored Contributor

Re: Looking for a command line or simple script to identify AD users.

Well, if the user is listed in /etc/passwd, then I think the user *is* local by definition, although there might be overlapping information in the AD.

 

The "nsquery" command might be the one you want.
By default, it follows the nsswitch.conf policy, so it will give you the same answers the regular programs will get.

But you can use it to query using a custom lookup policy, e.g. telling the system to look up using AD/LDAP only, or /etc/passwd only:

 

  • If you run "nsquery passwd joeuser ldap" and get an answer, then this user is defined in LDAP (and AD is a special case of LDAP). If you get a return value of 3, there was no Unix username "joeuser" listed in LDAP/AD.
  • If you run "nsquery passwd joeuser files" and get an answer, then this user is defined in /etc/passwd. Again, a return value of 3 means the user either is not defined locally or does not exist at all.
  • If both of the above commands return an answer, you have both a local *and* an LDAP definition for the user. Hopefully they have identical information...
MK
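One way to plug MK's per-source nsquery checks into the loop from the question, as an added example (not code from either post). It assumes, as MK describes, that "nsquery passwd USER SOURCE" exits 0 when the user is found in that source and 3 when it is not; the NSQUERY variable and the class names (local, ad-only, both, none) are my own additions so the lookup command can be swapped out and the report stays greppable.

```shell
#!/usr/bin/sh
# Classify accounts by where they are defined, using nsquery per source.
# NSQUERY is an assumption of this example: it lets another command stand in for nsquery.
NSQUERY=${NSQUERY:-nsquery}

# lookup SOURCE USER: exit 0 = found in SOURCE, 3 = not in SOURCE, other = lookup error
lookup() {
    "$NSQUERY" passwd "$2" "$1" >/dev/null 2>&1
}

# classify_user USER: prints one of local | ad-only | both | none | error(F/L)
classify_user() {
    name=$1
    lookup files "$name" && in_files=0 || in_files=$?
    lookup ldap  "$name" && in_ldap=0  || in_ldap=$?
    case "$in_files:$in_ldap" in
        0:0) echo both ;;      # defined in /etc/passwd *and* AD/LDAP: overlap worth auditing
        0:3) echo local ;;     # only in /etc/passwd
        3:0) echo ad-only ;;   # only in AD/LDAP
        3:3) echo none ;;      # unknown to both sources
        *)   echo "error($in_files/$in_ldap)" ;;  # e.g. directory unreachable; do not treat as "absent"
    esac
}

# ad_user_report: reads one login name per line on stdin, prints "name<TAB>class"
ad_user_report() {
    while read -r name; do
        [ -n "$name" ] || continue
        printf '%s\t%s\n' "$name" "$(classify_user "$name")"
    done
}

# Run the report over /etc/passwd only when invoked as: sh script.sh report
if [ "${1-}" = "report" ]; then
    awk -F: '{print $1}' /etc/passwd | ad_user_report
fi
```

Feed any other list of names (for example, accounts exported from AD) into ad_user_report to catch AD accounts that also have a local entry.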