image
Dave Herrell
Dave Herrell - Blog - IT Toolbox - PowerShell Banner
PowerShell Basics, Active Directory

PowerShell Basics: User UNIX Attributes

If you utilize an Active Directory domain that allows ssh’ing login into items like a bastion host, you more then likely utilize the UNIX AD user attributes.   The fun part, is since 2012 Microsoft has decided to pull that AD tab info from their Active Directory GUI making it more challenging to review a users attributes.  

Have no fear, PowerShell is here (as usual) to save the day! 

To review the UNIX info from a users account simple run the following PowerShell script as an admin:

				
					Import-Module ActiveDirectory

Get-ADUser daveherrell -Properties * | select SamAccountName,msSFU30NisDomain,unixHomeDirectory,loginShell,uidNumber,gidnumber,
  @{Label='PrimaryGroupDN';Expression={(Get-ADGroup -Filter {GIDNUMBER -eq $_.gidnumber}).DistinguishedName}}

This will run the ActiveDirectory module and print out something simliar to this:

				
					PS C:\Windows\system32> Import-Module ActiveDirectory
>>
>> Get-ADUser daveherrell -Properties * | select SamAccountName,msSFU30NisDomain,unixHomeDirectory,loginShell,uidNumber,gidnumber,
>>   @{Label='PrimaryGroupDN';Expression={(Get-ADGroup -Filter {GIDNUMBER -eq $_.gidnumber}).DistinguishedName}}


SamAccountName    : daveherrell
msSFU30NisDomain  : davedomain
unixHomeDirectory : /home/daveherrell
loginShell        : /bin/bash
uidNumber         : 10251
gidnumber         : 10251
PrimaryGroupDN    : CN=daveherrell.group,OU=unix-personal-groups,OU=Groups,DC=davedomain,DC=local

As you can see, you’ll get a print out of the users UNIX attributes which includes important items like their uidnumber and gidnumbers.   Nice and easy!

 

Hope you find this helpful!