Skip to main content

Trying to figure out a way to be able to query machines for specific group memberships.



We're using Centrify to bind, which adds a bit of complexity, but I can probably work around that.



Does anyone know of a good way to identify what AD Security groups a given machine is a member of?



With Centrify, the command: "/usr/local/bin/adquery user -A <Machine_Name>$ will return some info, but not what I'm looking for. Specifically, it will return "memberOf:OurDomain/Users/Domain Computers, but doesn't list any other groups I've added the machine to for test purposes right now.

This is what I used, I forgot where I got it from. You will need to change the ad_computer_ou to reflect your enviroment.



#!/bin/sh

ad_computer_name=`dsconfigad -show | grep "Computer Account" | awk '{print $4}'`

ad_computer_ou=`dscl "/Active Directory/All Domains/" read /Computers/$ad_computer_name | 

grep -A 1 dsAttrTypeNative:distinguishedName | 

cut -d, -f2- | sed -n 's/OU=//gp' | 

sed -n 's/(.*),DC=/1./gp' | 

sed -n 's/DC=//gp' | 

awk -F, '{

N = NF

while ( N > 1 )

{

printf "%s/",$N

N--

}



printf "%s",$1

}'`



echo "<result>$ad_computer_ou</result>"

Reply


Terms & ConditionsCookie settings