How to check an AD group is Unix-Enabled with PowerShell

06 April, 2021 by Jack Vamvas

A common requirement when using Active Directory groups with Linux is to check whether an Active Directory group is Unix-enabled. In simple terms, Unix-enabling means giving a group (or user) a Unix identity.

Importantly, Unix logons are identified in the system by an identifier. Sometimes you make a request to Unix-enable an AD group and need to check whether the group has actually been Unix-enabled.

When querying Active Directory to identify whether an AD group has been Unix-enabled, the key is to resolve the AD group and its gidNumber. If there is no gidNumber associated with the group, then the group is not Unix-enabled. The gidNumber (aka Group Identifier) is used within Unix, POSIX and Linux when multiple users are put into groups.

Here is a PowerShell statement using the Get-ADGroup cmdlet. If no gidNumber is returned, then the AD group is not Unix-enabled.

 

Get-ADGroup -Filter "name -like 'myADgroup'" -Properties gidNumber | Select-Object Name, gidNumber
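The same check applied to several groups at once, as an added example that is not part of the original post. It assumes the ActiveDirectory (RSAT) module and read access to the domain; the function name Get-ADGroupUnixStatus and the group names are hypothetical. It also flags groups in the checked set that share a gidNumber, since Unix hosts treat those as one group for permission checks.

```powershell
# Added example: requires the ActiveDirectory module and a reachable domain controller.
Import-Module ActiveDirectory

function Get-ADGroupUnixStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Name
    )
    process {
        foreach ($n in $Name) {
            # Ask only for gidNumber rather than every attribute.
            $groups = @(Get-ADGroup -Filter 'Name -eq $n' -Properties gidNumber)

            if ($groups.Count -eq 0) {
                # A missing group is reported separately from a group without a gidNumber.
                [pscustomobject]@{ Name = $n; GidNumber = $null; Status = 'NotFound' }
                continue
            }

            foreach ($g in $groups) {
                $status = 'NotUnixEnabled'
                if ($null -ne $g.gidNumber) { $status = 'UnixEnabled' }
                [pscustomobject]@{
                    Name      = $g.Name
                    GidNumber = $g.gidNumber
                    Status    = $status
                }
            }
        }
    }
}

# Hypothetical group names; replace with the groups you requested to be Unix-enabled.
$report = 'myADgroup', 'linux-admins', 'no-such-group' | Get-ADGroupUnixStatus
$report | Format-Table -AutoSize

# Warn when two of the checked groups carry the same gidNumber.
$report |
    Where-Object Status -eq 'UnixEnabled' |
    Group-Object GidNumber |
    Where-Object Count -gt 1 |
    ForEach-Object {
        Write-Warning "gidNumber $($_.Name) is shared by: $($_.Group.Name -join ', ')"
    }
```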

 

Read more on Powershell and Get-ADGroup

How to find Active Directory groups with Get-ADGroup search filter


Author: Jack Vamvas (http://www.dba-ninja.com)

