A Script to List Linux Users in Active Directory: Here's a Perl script that searches your Active Directory for users that have the unix attributes set. The unix attributes most often used are uidNumber, gidNumber, unixHomeDirectory, and loginShell. The script runs an ADODB search for users matching uidNumber=*, meaning the attribute is set to something other than blank, then returns the results and displays the attributes. This is very handy since Microsoft does not display these attributes in the GUI. To learn how to allow Linux users to log on using their Active Directory account, see my post about Active Directory Authentication for Linux.
use Win32::OLE;
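# List every Active Directory user whose unix attributes are populated
# (uidNumber is set), one line per account, ordered numerically by uidNumber.
#
# The domain is discovered from RootDSE and searched through the ADSI OLE DB
# provider. No credentials are supplied, so the search runs in the security
# context of whoever launches the script.
use strict;
use warnings;

my $dse = Win32::OLE->GetObject("LDAP://RootDSE")
    or die "Cannot bind to RootDSE: " . Win32::OLE->LastError() . "\n";
my $root   = $dse->Get("DefaultNamingContext");
my $adpath = "LDAP://$root";
my $base   = "<" . $adpath . ">";

my $connection = Win32::OLE->new("ADODB.Connection")
    or die "Cannot create ADODB.Connection: " . Win32::OLE->LastError() . "\n";
$connection->{Provider} = "ADsDSOObject";
$connection->Open("ADSI Provider");

my $command = Win32::OLE->new("ADODB.Command")
    or die "Cannot create ADODB.Command: " . Win32::OLE->LastError() . "\n";
$command->{ActiveConnection} = $connection;

# Paged search: without a page size the result set is capped by the server.
$command->{Properties}->{'Page Size'} = 1000;

# ADSI query dialect: <base>;filter;attributes;scope.
# The attribute order fixes the field indexes read in the loop below.
$command->{CommandText} = "$base;(&(objectCategory=User)(uidNumber=*));samAccountName,displayName,distinguishedName,uid,uidNumber,gidNumber,unixHomeDirectory,loginShell;subtree";

print "\n===================\t\t=== === =======\t=====\n";
print "PRID (Display Name)\t\tUID GID HomeDir\tShell\n";
print "===================\t\t=== === =======\t=====\n\n";

# A failed Open or a rejected query surfaces here as an undefined recordset.
my $rs = $command->Execute
    or die "Directory search failed: " . Win32::OLE->LastError() . "\n";

my @rows;            # one entry per account, so nothing is overwritten
my %accounts_for;    # uidNumber => [ samAccountName, ... ]

until ($rs->EOF) {
    # Field 3 (uid) is requested by the query but not shown in the report.
    # Unset attributes come back undefined; print them as empty strings.
    my ($sam, $disp, $dn, $uid_number, $gid_number, $home_dir, $shell) =
        map { my $value = $rs->Fields($_)->{Value}; defined $value ? $value : '' }
        (0, 1, 2, 4, 5, 6, 7);

    push @rows, {
        uid  => $uid_number,
        sam  => $sam,
        line => "$sam ($disp)\t$uid_number $gid_number $home_dir\t$shell\t$dn",
    };
    push @{ $accounts_for{$uid_number} }, $sam;

    $rs->MoveNext;
}

$rs->Close;
$connection->Close;

# Numeric order by uidNumber; the account name breaks ties deterministically.
for my $row (sort { $a->{uid} <=> $b->{uid} or $a->{sam} cmp $b->{sam} } @rows) {
    print "$row->{line}\n";
}

# Two accounts sharing a uidNumber are the same user to a Linux host (file
# ownership, sudo rules keyed on UID), so report collisions instead of
# letting one entry silently replace the other.
for my $shared (sort { $a <=> $b }
                grep { @{ $accounts_for{$_} } > 1 } keys %accounts_for) {
    warn "WARNING: uidNumber $shared is assigned to more than one account: "
        . join(', ', sort @{ $accounts_for{$shared} }) . "\n";
}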