× Welcome to the Centrify Community! Looking for Express & Smart Card Help? Click Here

Using adedit to change UNIX Data on a Centrify Zone

Using adedit to change UNIX Data on a Centrify Zone

By Centrify Advisor I on ‎04-02-2017 10:40 PM

Centrify ADEdit is a command-line interface (CLI) utility that enables UNIX administrators to manage Centrify objects—such as zones, rights, and roles—in Microsoft Active Directory.

 

Here's a custom script that will help you change the shell on all the zone users at the same time:

 

#!/bin/env adedit
 
package require ade_lib
 
bind <ad-domain> <zone-admin-user> <zone-admin-password>
 
select_zone <zone distinguishedName (DN), for example: CN=Global,CN=Zones,OU=centrifyse,DC=centrify,DC=vms>
 
        foreach USER [get_zone_users] {
                select_zone_user $USER
                set_zone_user_field shell "%{shell}"
                save_zone_user
        }

 

Before you run it make sure to:

1. Specify the AD domain (in DNS format), Zone admin user and its password at line 5;

2. Specify the zone DN at line 7, see below how to retrieve this info:

image001.png

3. Change the shell value at line 11 (for example set_zone_user_field shell "/bin/false");

4. Make sure to change the file permissions to allow execution (chmod +x file_name.sh).

 

Showing results for 
Search instead for 
Do you mean 
Labels

Community Control Panel