
I know how to get the DN from the command line:

adquery user -D "$(hostname -s)"

However, I want to get the DN into an adedit script. If I can select_object {DN here}, then I can do the other things I need to do.

I just don't know how to get the DN directly in adedit.


According to the adquery man page (part of the Centrify Suite):

The adquery command is provided for backward compatibility to enable you to query Active Directory for information about users and groups from the command line on a Centrify-managed computer. You can use this command to query information for classic or hierarchical zones. In most cases, however, you should use adedit commands or scripts to query Active Directory for information in hierarchical zones.

However, there is no clear documentation I can find on how to translate adquery commands into native calls within adedit.

For example:

adquery user `hostname -s` --dump

This gives a list of all the raw attributes and values for the user that is the computer I'm running the command on. Using the --attribute flag, I can return just one attribute.

With adedit, after I've run select_object THE_DN, I can get other fields such as "description" by running get_object_field description. But, how to get the DN in the first place?

I've found the adedit programmer's guide, but can't find what I need in there despite extensive digging and experimentation.


Until I get a better approach, I am running:

adedit myscript "$(adquery user -D "$(hostname -s)")"

And then in the script:

if { $argc != 1 } {
  puts "format: $argv0 hostDN"
  exit 1
}

set the_dn [lindex $argv 0]

bind ... (credentials here)

select_object $the_dn

(Note: adedit is built on Tcl, so I've tagged this question Tcl as well as Active Directory. I don't have the reputation to create a Centrify tag.)

Wildcard

1 Answer

I don't have any Centrify hosts to test with at the moment. But I'm guessing what you're looking for is a combination of get_adinfo host and get_objects.

get_adinfo host will give you the current host's info or at least a computer name (memory hazy).

get_objects is more of a generic LDAP query command that takes typical LDAP parameters like depth, base (DN), and filter.

So once you have the computer name, you can use get_objects to query the DN, something like this:

set results [get_objects -depth sub "DC=example,DC=com" "(&(objectClass=computer)(sAMAccountName=$hostname))"]
set compDN [lindex $results 0]

Again, totally untested. But I'm pretty sure this should get you going in the right direction.

Ryan Bolger
  • Hi Ryan! I had tried `get_adinfo host` and it only gives the hostname, not the DN, etc. I am away from the office now but I will try `get_objects` when I return—I had found it in the manual, but couldn't figure out the filter syntax. Thanks! – Wildcard May 26 '18 at 04:26
  • Yeah, it's standard LDAP filter syntax. But if you don't have much experience running LDAP queries, it's pretty weird at first. There are tons of guides online though. – Ryan Bolger May 26 '18 at 16:59
  • That `get_objects` command does indeed work! However, for whatever reason, I need a `$` at the end of the hostname. I confirmed this by selecting a host's object and checking `get_object_field_names` and then `get_object_field sAMAccountName` and the result was `{thehostname$}`. So I put the `$` in the search and it then worked. – Wildcard Nov 17 '18 at 06:10
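The lookup discussed in the answer and comments, as an added example that is not part of the original posts: it builds the search filter with the trailing `$` that computer sAMAccountName values carry, escapes the host name for use in an LDAP filter (RFC 4515), and refuses to continue unless exactly one object matches. The helper names (`ldap_escape`, `computer_filter`, `find_computer_dn`) are hypothetical, the base DN is the answer's placeholder, and it assumes `bind` has already succeeded and that `get_adinfo host` returns the host name, as the comments report.

```tcl
# Added example. The adedit commands used (get_adinfo, get_objects,
# select_object, get_object_field) are the ones named on this page;
# the procs below are hypothetical helpers written for illustration.

# Escape a value for use inside an LDAP search filter (RFC 4515), so that
# characters such as "*" or "(" in the input cannot alter the filter.
proc ldap_escape {value} {
    return [string map [list "\\" "\\5c" "*" "\\2a" "(" "\\28" \
                             ")" "\\29" "\0" "\\00"] $value]
}

# Build the filter for a computer account. The short host name is used
# (assumption: anything after the first dot is the DNS domain), and "\$"
# keeps the trailing dollar sign literal inside the Tcl string.
proc computer_filter {host} {
    set short [lindex [split $host .] 0]
    return "(&(objectClass=computer)(sAMAccountName=[ldap_escape $short]\$))"
}

# Return the DN of the computer object, or raise an error when the search
# does not match exactly one object.
proc find_computer_dn {host base} {
    set results [get_objects -depth sub $base [computer_filter $host]]
    if {[llength $results] != 1} {
        error "expected one computer object for $host, got [llength $results]"
    }
    return [lindex $results 0]
}

if {[llength [info commands get_objects]]} {
    # Running under adedit, after bind.
    set the_dn [find_computer_dn [get_adinfo host] "DC=example,DC=com"]
    select_object $the_dn
    puts [get_object_field description]
} else {
    # Running under plain tclsh: print the filter for a constructed name.
    puts [computer_filter "web(01).example.com"]
}
```

Checking the result count before `select_object` keeps the script from silently operating on the wrong object when the filter matches more than one entry or none.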