User and group commands in AD Bridge
User and group commands allow you to locate users or groups using filters such as name or ID. You can also list users and groups.
Find a user or a group
You can check a domain user's or group's information by either name or ID. These commands can verify that the client can locate the user or group in Active Directory.
Find a user by name
find-user-by-name domain\\username
Search for a user by name.
Note
Replace domain\username with the full domain user name or the single domain user name of the user.
Example
/opt/pbis/bin/find-user-by-name mydomain\\trejo
Optionally set the level of detail of information that is returned.
Example
/opt/pbis/bin/find-user-by-name --level 2 mydomain\\trejo
User info (Level-2):
====================
Name: trejo
SID: S-1-5-21-3447809367-3151979076-456401374-1135
UPN: trejo@MYDOMAIN.EXAMPLE.COM
Generated UPN: NO
DN: CN=trejo,CN=Users,DC=MYDOMAIN,DC=EXAMPLE,DC=COM
Uid: 239600751
Gid: 239600770
Gecos: Markus Trejo
Shell: /bin/sh
Home dir: /home/MYDOMAIN/trejo-macbook/trejo-bvt
LMHash length: 0
NTHash length: 0
Local User: NO
Account disabled (or locked): FALSE
Account expired: FALSE
Password never expires: TRUE
Password Expired: FALSE
Prompt for password change: YES
User can change password: YES
Days till password expires: 0
Logon restriction: NO
trejo-macbook:~ root#
Find a user by user ID
find-user-by-id UID
Search for a user by UID.
Example
/opt/pbis/bin/find-user-by-id 593495196
Find a user in Active Directory by security identifier
find-by-sid SID
Find a user in Active Directory by security identifier (SID).
Note
Run the command as root.
Example
/opt/pbis/bin/find-by-sid S-1-5-21-382349973-3885793314-468868962-1180
[root@rhel4d bin]# /opt/pbis/bin/find-by-sid S-1-5-21-382349973-3885793314-468868962-1180
User info (Level-0):
====================
Name: EXAMPLE\hab
SID: S-1-5-21-382349973-3885793314-468868962-1180
Uid: 593495196
Gid: 593494529
Gecos: Jurgen Habermas
Shell: /bin/sh
Home dir: /home/EXAMPLE/hab
Find a group by name
find-group-by-name domain\\groupname
Finds a group.
Example
/opt/pbis/bin/find-group-by-name example.com\\dnsadmins
Find a group by ID
find-group-by-id GID
Finds a group using the group ID.
Example
/opt/pbis/bin/find-group-by-id 593494534
[root@rhel4d bin]# /opt/pbis/bin/find-group-by-id 593494534
Group info (Level-0):
====================
Name: EXAMPLE\schema^admins
Gid: 593494534
SID: S-1-5-21-382349973-3885793314-468868962-518
List users or groups
List users
enum-users
Enumerate the users in Active Directory and view their members, group IDs, and security IDs. The AD Bridge agent enumerates users in the primary domain. Users in trusted domains and linked cells are not enumerated. NSS membership settings in the registry do not affect the result of the command.
Note
To view full information about the users, include the level option when you execute the command: /opt/pbis/bin/enum-users --level 2.
Example
/opt/pbis/bin/enum-users
User info (Level-2):
====================
Name: EXAMPLE\sduval
UPN: SDUVAL@EXAMPLE.COM
Generated UPN: NO
Uid: 593495151
Gid: 593494529
Gecos: Shelley Duval
Shell: /bin/sh
Home dir: /home/EXAMPLE/sduval
LMHash length: 0
NTHash length: 0
Local User: NO
Account disabled: FALSE
Account Expired: FALSE
Account Locked: FALSE
Password never expires: FALSE
Password Expired: FALSE
Prompt for password change: NO
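The level 2 fields shown above are enough for a quick account-hygiene check. The following is an added example, not part of the AD Bridge documentation or tooling: it reads enum-users --level 2 style output from stdin and reports accounts that are disabled, locked, or have a password that never expires. The function names and the sample records are constructed for illustration.

```shell
# Added example: audit `enum-users --level 2` style output read from stdin.
# Prints "<name><TAB><finding>" for accounts that are disabled, locked, or
# have a password that never expires. A record starts at each "Name:" line.
audit_enum_users() {
  awk -F': *' '
    function val(   v) { v = $2; sub(/[ \t\r]+$/, "", v); return toupper(v) }
    function report() {
      if (name == "") return
      if (never == "TRUE")    print name "\tpassword-never-expires"
      if (disabled == "TRUE") print name "\tdisabled"
      if (locked == "TRUE")   print name "\tlocked"
    }
    { key = tolower($1) }
    key == "name"                   { report(); name = $2; never = disabled = locked = "" }
    key == "password never expires" { never = val() }
    key ~ /^account disabled/       { disabled = val() }
    key == "account locked"         { locked = val() }
    END { report() }
  '
}

# Constructed sample in the field layout shown above (not real accounts).
sample_enum_users() {
  cat <<'EOF'
User info (Level-2):
====================
Name: EXAMPLE\svc_backup
Account disabled: FALSE
Account Locked: FALSE
Password never expires: TRUE
User info (Level-2):
====================
Name: EXAMPLE\jdoe
Account disabled: TRUE
Account Locked: FALSE
Password never expires: FALSE
User info (Level-2):
====================
Name: EXAMPLE\asmith
Account disabled: FALSE
Account Locked: FALSE
Password never expires: FALSE
EOF
}

sample_enum_users | audit_enum_users
```

On a joined host, pipe /opt/pbis/bin/enum-users --level 2 into audit_enum_users instead of the sample. The "Account disabled (or locked)" field printed by find-user-by-name --level 2 is matched by the same rule.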
List members
enum-members
Enumerate the members of a group. This command can return user or group information if they are part of the group specified.
If there are nested groups and the user runs the command /opt/pbis/bin/enum-members --group --by-name \\, it will return the nested groups. If the user runs the command /opt/pbis/bin/enum-members --user --by-name \\, it will return the users in that group.
Example
/opt/pbis/bin/enum-members
User object [1] (S-1-5-21-3705731645-4233351989-3429207207-1127)
Enabled: yes
Distinguished name: CN=user,OU=thirdfloor,DC=mydomain,DC=com
SAM account name: User
NetBIOS domain name: mydomain
UPN: user@mydomain.com
Display Name: User
Alias: <null>
UNIX name: mydomain\User
GECOS: User
Shell: /bin/sh
Home directory: /home/local/mydomain/User
Windows home directory: <null>
Local windows home directory:
UID: 822608999
Primary group SID: S-1-5-21-3705731645-4233351989-3429207207-513
Primary GID: 822608385
Password expired: no
Password never expires: no
Change password on next logon: no
User can change password: yes
Account disabled: no
Account expired: no
Account locked: no
User object [2] (S-1-5-21-3705731645-4233351989-3429207207-1126)
Enabled: yes
Distinguished name: CN=user,OU=thirdfloor,DC=mydomain,DC=com
SAM account name: User
NetBIOS domain name: mydomain
UPN: mydomain.com
Display Name: User
Alias: <null>
UNIX name: mydomain\User
GECOS: User
Shell: /bin/sh
Home directory: /home/local/mydomain/User
Windows home directory: <null>
Local windows home directory:
UID: 822608998
Primary group SID: S-1-5-21-3705731645-4233351989-3429207207-513
Primary GID: 822608385
Password expired: no
Password never expires: no
Change password on next logon: no
User can change password: yes
Account disabled: no
Account expired: no
Account locked: no
User object [3] (S-1-5-21-3705731645-4233351989-3429207207-1125)
Enabled: yes
Distinguished name: CN=user,OU=thirdfloor,DC=mydomain,DC=com
SAM account name: User
NetBIOS domain name: mydomain
UPN: user@mydomain.com
Display Name: User
Alias: <null>
UNIX name: mydomain\user
GECOS: User
Shell: /bin/sh
Home directory: /home/local/mydomain/user
List groups
enum-groups
Enumerate the groups in Active Directory and view the group IDs and security IDs of members. The AD Bridge agent enumerates groups in the primary domain. Groups in trusted domains and linked cells are not enumerated. NSS membership settings in the registry do not affect the result of the command.
Note
To view full information about the groups, include the level option when you execute the command: /opt/pbis/bin/enum-groups --level 2.
Example
/opt/pbis/bin/enum-groups
List groups for a user
You can list the groups where a particular user is a member.
list-groups-for-user
List the groups where a particular user is a member. You can search either by user name or user ID.
Example
/opt/pbis/bin/list-groups-for-user --uid 593495196
[root@rhel5d bin]# ./list-groups-for-user example\\hab
Number of groups found for user 'example\hab' : 2
Group[1 of 2] name = EXAMPLE\enterprise^admins (gid = 593494535)
Group[2 of 2] name = EXAMPLE\domain^users (gid = 593494529)
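The group listing above can be checked against a watchlist when reviewing which accounts that log on to a host hold privileged Active Directory memberships. The following is an added example, not part of the AD Bridge documentation or tooling: it parses list-groups-for-user output from stdin and prints the groups that appear on a watchlist. The function names and the watchlist contents are assumptions; the sample lines are the output shown above.

```shell
# Added example: report privileged groups found in list-groups-for-user output.
# $1 is a comma-separated watchlist of group names without the domain prefix
# (the watchlist contents are an assumption; adjust to local policy).
# Prints "<group><TAB><gid>" for each match; matching is case-insensitive.
privileged_memberships() {
  awk -v watch="$1" '
    BEGIN {
      n = split(tolower(watch), w, ",")
      for (i = 1; i <= n; i++) priv[w[i]] = 1
    }
    /^Group\[[0-9]+ of [0-9]+\] name = / {
      group = $0
      sub(/^Group\[[0-9]+ of [0-9]+\] name = /, "", group)
      gid = group
      sub(/^.* \(gid = /, "", gid)
      sub(/\).*$/, "", gid)
      sub(/ \(gid = [0-9]+\).*$/, "", group)
      short = tolower(group)
      sub(/^.*\\/, "", short)          # drop the domain prefix
      if (short in priv) print group "\t" gid
    }
  '
}

# Sample input: the list-groups-for-user output shown on this page.
sample_groups() {
  cat <<'EOF'
Number of groups found for user 'example\hab' : 2
Group[1 of 2] name = EXAMPLE\enterprise^admins (gid = 593494535)
Group[2 of 2] name = EXAMPLE\domain^users (gid = 593494529)
EOF
}

sample_groups | privileged_memberships 'enterprise^admins,domain^admins,schema^admins'
```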