Skip to content

Instantly share code, notes, and snippets.

@calum-github

calum-github/ad.sh

Last active Dec 1, 2016
Embed
What would you like to do?
iterate over ad users to determine uid
#!/bin/bash
#
# Author: Calum Hunter
# Date: 28/11/2016
# Version: 1.0
# Purpose: To generate a Mac UID from the objectGUID attribute
# (GeneratedUID) in AD.
# This uses the same method that the Apple
# AD Plugin uses
#
## Start by loading up our ldap query variables
SVC_ACCOUNT_NAME="Username"
SVC_ACCOUNT_PASS="Password"
DOMAIN="my.domain"
LDAP_SERVER="dc.my.domain:389"
SEARCH_BASE="OU=Users,DC=My,DC=Domain"
DECODE_BASE64(){
# This function takes the encoded output from ldapsearch and decodes it
# It then needs to be "hex-dumped" in order to get it into regular text
# So that we can work with it
OBJECT_ID="$1"
BASE64_DECODED=$(echo $OBJECT_ID | base64 -D)
G=($(echo ${BASE64_DECODED} | hexdump -e '16/1 " %02X"'))
OBJECTGUID="${G[3]}${G[2]}${G[1]}${G[0]}-${G[5]}${G[4]}-${G[7]}${G[6]}-${G[8]}${G[9]}-${G[10]}${G[11]}${G[12]}${G[13]}${G[14]}${G[15]}"
}
# Search LDAP for our user account
RESULT=$(ldapsearch -LLL -H ldap://$LDAP_SERVER -E pr=1000/noprompt -o ldif-wrap=no -x -D ${SVC_ACCOUNT_NAME}@$DOMAIN -w ${SVC_ACCOUNT_PASS} -b "${SEARCH_BASE}" \
-s sub -a always "(objectClass=user)" "sAMAccountName" "objectGUID")
i=1
s=1
declare -a RESULT_ARRAY
while IFS= read -r line; do
# If we find an empty line, then we increase the counter (i),
# set the flag (s) to one, and skip to the next line
[[ $line == "" ]] && ((i++)) && s=1 && continue
# If the flag (s) is zero, then we are not in a new line of the block
# so we set the value of the array to be the previous value concatenated
# with the current line
[[ $s == 0 ]] && RESULT_ARRAY[$i]="${RESULT_ARRAY[$i]}
$line" || {
# Otherwise we are in the first line of the block, so we set the value
# of the array to the current line, and then we reset the flag (s) to zero
RESULT_ARRAY[$i]="$line"
s=0;
}
done <<< "$RESULT"
for USER in "${RESULT_ARRAY[@]}"; do
USER_DN=$(echo "$USER" | grep "dn:")
USER_GUID_BASE64=$(echo "$USER" | awk -F "::" '/objectGUID/ {print $2}')
# Get our GeneratedUID from LDAPSEARCH by decoding and hex dumping it
DECODE_BASE64 "$USER_GUID_BASE64"
# Now lets get the first 32 bits of our GUID
GUID_32=${OBJECTGUID:0:8}
# Now convert this to decimal
GUID_32_DEC=$(echo "ibase=16; $GUID_32" | bc)
if [ $GUID_32_DEC -gt 2147483647 ]; then
# Get the first character of our 32bit GUID
FIRST_CHAR=${GUID_32:0:1}
# Use the below table to replace the first character with number it represents. ie: A=2
case $FIRST_CHAR in
A)
NUMBER=2 ;;
B)
NUMBER=3 ;;
C)
NUMBER=4 ;;
D)
NUMBER=5 ;;
E)
NUMBER=6 ;;
F)
NUMBER=7 ;;
9)
NUMBER=1 ;;
8)
NUMBER=0 ;;
*)
esac
# Now lets replace the first character with our new number
A=$(echo $GUID_32 | cut -c2-)
NEW_32_GUID="${NUMBER}${A}"
GUID_32_DEC=$(echo "ibase=16; $NEW_32_GUID" | bc)
fi
# Echo our output
USERNAME=$(echo $USER_DN | awk -F "dn:" '{print $2}')
echo "$USERNAME,$GUID_32_DEC"
echo "$USERNAME,$GUID_32_DEC" >> users_with_UID.csv
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment