06 April, 2021 by Rambler
A common requirement when using Active Directory groups with Linux is to check whether an Active Directory group is Unix-enabled. In simple terms, Unix-enabling means giving a group (or user) a Unix identity.
Importantly, Unix logons are identified in the system by an identifier. Sometimes you make a request to Unix-enable an AD group and need to check whether the group has actually been Unix-enabled.
To identify whether an AD group has been Unix-enabled when querying Active Directory, the key is to resolve the AD group and its gidNumber. If there is no gidNumber associated with the group, then the group is not Unix-enabled. The gidNumber (aka Group Identifier) is used within Unix, POSIX and Linux when multiple users are put into groups.
Here is a PowerShell statement using the Get-ADGroup cmdlet. If there is no gidNumber, then the AD group is not Unix-enabled.
Get-ADGroup -Filter "name -like 'myADgroup'" -Properties gidNumber | Select-Object Name, gidNumber
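The following is an added example, not part of the original post, that extends the one-liner above: it checks several groups at once, separates "group not found" from "found but no gidNumber", and lists any gidNumber assigned to more than one group. The function name Get-UnixEnabledStatus and the group names are hypothetical; it assumes the ActiveDirectory module is installed and you have read access to the domain.

```powershell
# Added example: requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-UnixEnabledStatus {
    [CmdletBinding()]
    param(
        # Group names to check (hypothetical values are passed in below).
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Name
    )
    process {
        foreach ($n in $Name) {
            # The single-quoted filter lets the AD module resolve $n itself,
            # so a name containing a quote cannot alter the filter.
            # -Filter returns nothing (it does not throw) when no group matches.
            $groups = @(Get-ADGroup -Filter 'Name -eq $n' -Properties gidNumber)

            if ($groups.Count -eq 0) {
                [pscustomobject]@{ Name = $n; Found = $false; GidNumber = $null; UnixEnabled = $false }
                continue
            }
            foreach ($g in $groups) {
                [pscustomobject]@{
                    Name        = $g.Name
                    Found       = $true
                    GidNumber   = $g.gidNumber
                    # No gidNumber means the group is not Unix-enabled.
                    UnixEnabled = $null -ne $g.gidNumber
                }
            }
        }
    }
}

# Placeholder group names; replace with the groups you requested to be Unix-enabled.
'myADgroup', 'anotherGroup' | Get-UnixEnabledStatus | Format-Table -AutoSize

# Linux identifies a group by its GID, so two AD groups that share a gidNumber
# are indistinguishable for file permissions. List any value used more than once.
Get-ADGroup -LDAPFilter '(gidNumber=*)' -Properties gidNumber |
    Group-Object gidNumber |
    Where-Object Count -gt 1 |
    Select-Object @{ n = 'GidNumber'; e = { $_.Name } },
                  Count,
                  @{ n = 'Groups'; e = { $_.Group.Name -join ', ' } }
```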
Read more on PowerShell and Get-ADGroup:
How to find Active Directory groups with Get-ADGroup search filter