Checks to see if it's bound to AD or not.
#!/bin/bash
#################################################################################
# #
# Author: Calum Hunter #
# Date: 22-08-2016 #
# Version: 1.0 #
# Purpose: Install check script for the AD Bind Package. #
# This script checks to see if we are bound to AD and if our binding #
# is working. If we are not bound, or our binding is broken. #
# We rebind. #
# Exit 1 = Do _NOT_ attempt a rebind. Everything is groovy baby #
# Exit 0 = Rebind, something is not right with our binding #
# #
#################################################################################
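# Set up Logging
# From the exec lines below onward, everything this script writes to stdout and
# stderr is also appended to LOG_FILE via tee.
LOG_FILE=/tmp/ad_bind_install_check.log
# /tmp is world-writable and this script presumably runs privileged (it calls
# dsconfigad/dscl/security), so a pre-existing entry at this predictable path
# could have been planted by any local user - e.g. a symlink pointing at a file
# we must not append to.  Only ever write through a plain regular file: a
# symlink or other special file is unlinked first (rm removes the link itself,
# never its target).  Better still would be a root-only directory such as
# /var/log; the path is kept so existing readers of the log keep working.
if [ -L "$LOG_FILE" ] || { [ -e "$LOG_FILE" ] && [ ! -f "$LOG_FILE" ]; }; then
  printf '%s\n' "*** $LOG_FILE is not a regular file - replacing it ***" >&2
  rm -f -- "$LOG_FILE"
fi
if ! touch "$LOG_FILE"; then
  # Logging is best-effort: the bind check itself must still run.
  printf '%s\n' "*** Cannot write $LOG_FILE, continuing without a log file ***" >&2
else
  # Rotate once the log grows past 1 MiB (du -k reports KiB).
  LOG_FILE_SIZE=$(du -k "$LOG_FILE" | awk '{print $1}')
  if [ "${LOG_FILE_SIZE:-0}" -gt 1024 ]; then
    rm -f -- "$LOG_FILE"
    printf '%s *** Log file rotated ***\n' "$(date "+%a %b %d %H:%M:%S")" >> "$LOG_FILE"
  fi
  exec > >(tee -a "$LOG_FILE")
  exec 2> >(tee -a "$LOG_FILE" >&2)
fi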
# Basic variables
# Site-specific placeholders - replace every value before deploying.
LDAP_TEST='your.ad.server'      # AD server (VIP) used for the reachability ping
TEST_ACCOUNT='an_ad_account'    # domain account resolved via dscl and id
DOMAIN='YOURDOMAIN'             # short domain name used in the keychain item and dscl node paths
DOMAIN_FRIENDLY='Your.Domain'   # domain name exactly as printed by "dsconfigad -show"
ID_CHECK_TEST(){
  # Final check: ask the OS to resolve $TEST_ACCOUNT with id(1).
  # Exit 1 = the account resolves, the binding works, do not rebind.
  # Exit 0 = lookup failed, tell the installer to rebind.
  # This function never returns to its caller.
  if id "$TEST_ACCOUNT" > /dev/null; then
    exit 1
  fi
  printf '%s  [FAIL] - ID test failed! Unable to resolve user account using ID. We need to rebind.\n' \
    "$(date "+%a %b %d %H:%M:%S")"
  exit 0
}
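# Exit semantics (this is an installer install-check, so they are inverted
# relative to the usual convention):
#   exit 1 = binding healthy, or cannot be assessed -> do NOT rebind
#   exit 0 = binding missing or broken -> rebind
# Every failure path hands the final verdict to ID_CHECK_TEST (defined above),
# which exits the script itself.

#######################################
# Write one timestamped "[FAIL]" line to stdout (tee'd into the log file).
# Arguments: $* - message text
#######################################
log_fail() {
  printf '%s  [FAIL] %s\n' "$(date "+%a %b %d %H:%M:%S")" "$*"
}

# 1. Reachability. If the AD server VIP cannot be pinged there is no point in
#    testing the binding, and a network outage must not trigger a rebind.
if ! ping -qoc2 -t 6 "$LDAP_TEST" > /dev/null; then
  log_fail "Ping test failed. Exiting 1 - No action to take. Exiting 1 here."
  exit 1
fi

# 2. Is the machine bound to our domain at all?
BOUND_DOMAIN=$(dsconfigad -show | awk '/Active Directory Domain/{ print $NF }')
if [[ "$BOUND_DOMAIN" != "$DOMAIN_FRIENDLY" ]]; then
  # No (matching) binding found at all - go ahead and bind.
  log_fail "dsconfigad -show isn't matching $DOMAIN_FRIENDLY."
# 3. Do we still hold the computer account's keychain item?
#    Attribute lookup only - never add -w/-g here: stdout/stderr of this script
#    are copied into the log file, and the stored password must not end up there.
elif ! security find-generic-password -l "/Active Directory/$DOMAIN" | grep -q "Active Directory"; then
  # No AD keychain item found (or an error) - let's rebind.
  log_fail "No AD keychain found!"
else
  # 4. Can we actually read a domain account through the binding?
  dscl "/Active Directory/$DOMAIN/All Domains" -read "/Users/$TEST_ACCOUNT" > /dev/null
  DSCL_READ_TEST=$?
  if [ "$DSCL_READ_TEST" -eq 0 ]; then
    # Successful lookup of the bind account: AD communication works, no rebind.
    exit 1
  elif [ "$DSCL_READ_TEST" -eq 56 ]; then
    # Appears to be bound but unable to communicate with AD - we should rebind.
    log_fail "DSCL read test matched error code 56. unable to communicate with AD."
  else
    log_fail "dscl read test gave error code: $DSCL_READ_TEST"
  fi
fi

# Reached only from a failure branch above. ID_CHECK_TEST exits 0 (rebind) or
# 1 (leave the binding alone) and does not return.
ID_CHECK_TEST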