acidprime/windowsGroupExport.sh

## windowsGroupExport.sh
#!/bin/bash
LDAP_SERVER="ldap.example.com"
IFS=$'\n'
ldapsearch -LLL -h "$LDAP_SERVER" -x -D uid=diradmin,cn=users,dc=example,dc=com -w password -b cn=groups,dc=example,dc=com '(&(objectClass=posixGroup)(!(cn=Domain*))(!(cn=com.apple.*))(!(cn=admin))(!(cn=staff)))' description apple-group-realname memberUid |
sed 's/^apple-group-realname:/name:/g' |
sed 's/cn=groups,dc=example,dc=com/ou=ImportedUsers,dc=ad,dc=example,dc=com/g' |
while read line ; do
        if [ "$line" != "${line/dn://}" ] ; then
                        declare MY_UID="$(echo "$line" | awk -F'[=,]' '/^dn:/{print $2}' )"
                        declare MY_CN="$(ldapsearch -LLL -h "$LDAP_SERVER" -x -D uid=diradmin,cn=users,dc=example,dc=com -w password -b cn=groups,dc=example,dc=com "(&(objectClass=posixGroup)(&(cn=$MY_UID)))" apple-group-realname |
                                                                awk /^apple-group-realname:/ |
                                                                        sed 's/^apple-group-realname: //g')"
               	declare MY_NEWLINE="$(echo "$line" | sed "s/$MY_UID/$MY_CN/g" )"
               	echo "$MY_NEWLINE"
		echo "changetype: add"
		echo "objectClass: top"
		echo "objectClass: group"
		echo "objectClass: apple-group"
		echo "groupType: -2147483646"
                echo "cn: $MY_CN"
                echo "sAMAccountName: $MY_UID"
		continue
	fi
	if [ "$line" != "${line/memberUid://}" ] ; then
                declare MY_UID="$(echo $line | awk '/^memberUid:/{print $2}' )"
        if [ "$MY_UID" == root ] ; then
                continue
        fi

	if [ "$MY_UID" == diradmin ] ; then
		continue
	fi

declare MY_CN="$(ldapsearch -LLL -h "$LDAP_SERVER" -x -D uid=diradmin,cn=users,dc=example,dc=com -w password -b cn=users,dc=example,dc=com "(&(objectClass=posixAccount)(&(uid=$MY_UID)))" cn |
                                                                awk /^cn:/ |
                                                                        sed 's/^cn: //g')"
			echo "member: CN=$MY_CN,OU=ImportedUsers,DC=ad,dc=example,dc=com"
	else
		echo "$line"
	fi
done
	#!/bin/bash
	LDAP_SERVER="ldap.example.com"
	IFS=$'\n'
	ldapsearch -LLL -h "$LDAP_SERVER" -x -D uid=diradmin,cn=users,dc=example,dc=com -w password -b cn=groups,dc=example,dc=com '(&(objectClass=posixGroup)(!(cn=Domain))(!(cn=com.apple.))(!(cn=admin))(!(cn=staff)))' description apple-group-realname memberUid \|
	sed 's/^apple-group-realname:/name:/g' \|
	sed 's/cn=groups,dc=example,dc=com/ou=ImportedUsers,dc=ad,dc=example,dc=com/g' \|
	while read line ; do
	if [ "$line" != "${line/dn://}" ] ; then
	declare MY_UID="$(echo "$line" \| awk -F'[=,]' '/^dn:/{print $2}' )"
	declare MY_CN="$(ldapsearch -LLL -h "$LDAP_SERVER" -x -D uid=diradmin,cn=users,dc=example,dc=com -w password -b cn=groups,dc=example,dc=com "(&(objectClass=posixGroup)(&(cn=$MY_UID)))" apple-group-realname \|
	awk /^apple-group-realname:/ \|
	sed 's/^apple-group-realname: //g')"
	declare MY_NEWLINE="$(echo "$line" \| sed "s/$MY_UID/$MY_CN/g" )"
	echo "$MY_NEWLINE"
	echo "changetype: add"
	echo "objectClass: top"
	echo "objectClass: group"
	echo "objectClass: apple-group"
	echo "groupType: -2147483646"
	echo "cn: $MY_CN"
	echo "sAMAccountName: $MY_UID"
	continue
	fi
	if [ "$line" != "${line/memberUid://}" ] ; then
	declare MY_UID="$(echo $line \| awk '/^memberUid:/{print $2}' )"
	if [ "$MY_UID" == root ] ; then
	continue
	fi

	if [ "$MY_UID" == diradmin ] ; then
	continue
	fi

	declare MY_CN="$(ldapsearch -LLL -h "$LDAP_SERVER" -x -D uid=diradmin,cn=users,dc=example,dc=com -w password -b cn=users,dc=example,dc=com "(&(objectClass=posixAccount)(&(uid=$MY_UID)))" cn \|
	awk /^cn:/ \|
	sed 's/^cn: //g')"
	echo "member: CN=$MY_CN,OU=ImportedUsers,DC=ad,dc=example,dc=com"
	else
	echo "$line"
	fi
	done