iterate over ad users to determine uid
#!/bin/bash
#
# Author: Calum Hunter
# Date: 28/11/2016
# Version: 1.0
# Purpose: To generate a Mac UID from the objectGUID attribute
#          (GeneratedUID) in AD.
#          This uses the same method that the Apple
#          AD Plugin uses
#
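## Start by loading up our ldap query variables
# Each value may be supplied through the environment, so the bind password
# does not have to be stored in this file; the placeholders below are used
# only when the corresponding variable is unset or empty.
# If a real password is ever written here, restrict the script's file
# permissions and keep it out of version control.
SVC_ACCOUNT_NAME="${SVC_ACCOUNT_NAME:-Username}"
SVC_ACCOUNT_PASS="${SVC_ACCOUNT_PASS:-Password}"
DOMAIN="${DOMAIN:-my.domain}"
# Port 389 is plain LDAP: nothing on this connection is encrypted unless
# StartTLS is requested by the client.
LDAP_SERVER="${LDAP_SERVER:-dc.my.domain:389}"
SEARCH_BASE="${SEARCH_BASE:-OU=Users,DC=My,DC=Domain}"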
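#######################################
# Decode a base64 objectGUID value (as printed by ldapsearch) and render it
# in the usual 8-4-4-4-12 GUID text form.
# Globals:   OBJECTGUID (written) - the formatted GUID, or empty on failure
# Arguments: $1 - base64 text of the 16-byte objectGUID; surrounding
#                 whitespace is ignored
# Returns:   0 on success, 1 if the input does not decode to exactly 16 bytes
#######################################
DECODE_BASE64(){
    local encoded hex
    local -a G
    # The hex dump is split into bytes on whitespace, so pin IFS locally.
    local IFS=$' \t\n'

    OBJECTGUID=""

    # ldapsearch prints "objectGUID:: <base64>", so the value normally arrives
    # with a leading space; strip all whitespace before decoding.
    encoded=${1//[[:space:]]/}

    # Stream the decoded bytes straight into the hex dump. Holding them in a
    # shell variable would drop NUL bytes and word-split on bytes 0x09/0x0A/0x20,
    # which silently corrupts any GUID that contains one of those values.
    # --decode is accepted by both the macOS and the GNU base64 tools.
    hex=$(printf '%s' "$encoded" | base64 --decode 2>/dev/null | od -An -v -tx1 | tr 'a-f' 'A-F')

    # Intentional word splitting: hex holds only hex digits and whitespace.
    # shellcheck disable=SC2206
    G=($hex)

    # An objectGUID is exactly 16 bytes; anything else is malformed input.
    [[ ${#G[@]} -eq 16 ]] || return 1

    # The first three groups are stored little-endian in the binary form, so
    # their bytes are reversed here; the last two groups keep their byte order.
    OBJECTGUID="${G[3]}${G[2]}${G[1]}${G[0]}-${G[5]}${G[4]}-${G[7]}${G[6]}-${G[8]}${G[9]}-${G[10]}${G[11]}${G[12]}${G[13]}${G[14]}${G[15]}"
}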
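# Search LDAP for our user accounts, requesting only sAMAccountName and
# objectGUID, with paged results (1000 per page) and unwrapped LDIF lines.
#
# NOTE(security): -x is a simple bind and ldap:// is not encrypted, so the
# service account password crosses the network in clear text. Where the
# domain controller supports it, use an ldaps:// URI or add -ZZ (require
# StartTLS) so the bind is protected.
# NOTE(security): -w places the password in the process arguments, where
# other local users can read it from the process list while the query runs.
# ldapsearch can instead read it from a file with -y (write the file without
# a trailing newline and keep it readable by the owner only) or prompt with -W.
# NOTE(review): in AD, computer accounts also carry objectClass=user, so this
# filter presumably returns them too - confirm whether that is intended.
#
# All expansions are quoted so that a password or base DN containing spaces
# or glob characters is passed as a single argument.
RESULT=$(ldapsearch -LLL -H "ldap://${LDAP_SERVER}" -E pr=1000/noprompt -o ldif-wrap=no -x \
    -D "${SVC_ACCOUNT_NAME}@${DOMAIN}" -w "${SVC_ACCOUNT_PASS}" -b "${SEARCH_BASE}" \
    -s sub -a always "(objectClass=user)" "sAMAccountName" "objectGUID")
LDAP_STATUS=$?
if [[ $LDAP_STATUS -ne 0 ]]; then
    # Keep going with whatever was returned, but make the failure visible.
    echo "Warning: ldapsearch exited with status ${LDAP_STATUS}; results may be missing or incomplete" >&2
fi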
# Group the LDIF output into one array element per entry. Entries are
# separated by blank lines; i is the index of the entry being built and
# s is 1 while the next line read will be the first line of an entry.
i=1
s=1
declare -a RESULT_ARRAY
while IFS= read -r line; do
    if [[ -z $line ]]; then
        # Blank line: the current entry is finished, move on to the next slot.
        ((i++))
        s=1
        continue
    fi
    if [[ $s == 0 ]]; then
        # Continuation of the current entry: append on a new line.
        RESULT_ARRAY[$i]+=$'\n'"$line"
    else
        # First line of a new entry: start the element and clear the flag.
        RESULT_ARRAY[$i]="$line"
        s=0
    fi
done <<< "$RESULT"
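# Walk every LDIF entry, derive the numeric UID from the first 32 bits of its
# objectGUID, and write "<dn>,<uid>" to stdout and to users_with_UID.csv.
# The loop variable is ENTRY rather than USER so the login name that the
# shell and child processes read from $USER is not overwritten.
for ENTRY in "${RESULT_ARRAY[@]}"; do
    USER_DN=""
    USER_GUID_BASE64=""
    # Pick the dn and objectGUID lines by exact attribute prefix, so a value
    # that merely contains "dn:" or "objectGUID" elsewhere is not matched.
    while IFS= read -r ENTRY_LINE; do
        case $ENTRY_LINE in
            dn:*)
                if [[ -z $USER_DN ]]; then
                    USER_DN=$ENTRY_LINE
                fi
                ;;
            objectGUID::*)
                USER_GUID_BASE64=${ENTRY_LINE#objectGUID::}
                ;;
        esac
    done <<< "$ENTRY"

    # Blocks without both attributes are not user entries (for example LDIF
    # comment lines emitted after the results); skip them instead of printing
    # an empty row.
    if [[ -z $USER_DN || -z $USER_GUID_BASE64 ]]; then
        continue
    fi

    # Get our GeneratedUID from LDAPSEARCH by decoding and hex dumping it
    DECODE_BASE64 "$USER_GUID_BASE64"

    # Now lets get the first 32 bits of our GUID
    GUID_32=${OBJECTGUID:0:8}

    # The value comes from directory data and is about to be used in shell
    # arithmetic, so accept nothing but exactly eight hex digits.
    if [[ ! $GUID_32 =~ ^[0-9A-Fa-f]{8}$ ]]; then
        echo "Skipping ${USER_DN}: objectGUID could not be decoded" >&2
        continue
    fi

    # Convert to decimal and clear the top bit so the result never exceeds
    # 2147483647. This is the same mapping as replacing a leading hex digit
    # 8-F with 0-7, done in one step and without calling bc.
    GUID_32_DEC=$(( 16#$GUID_32 & 0x7FFFFFFF ))

    # Echo our output
    # USERNAME is everything after "dn:" (leading space included). A DN that
    # ldapsearch printed base64-encoded ("dn:: ...") is passed through as is.
    # NOTE: a DN contains commas itself, so only the last comma-separated
    # field of each row is the UID. The CSV is appended to on every run.
    USERNAME=${USER_DN#dn:}
    printf '%s\n' "$USERNAME,$GUID_32_DEC" | tee -a users_with_UID.csv
done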