Checks to see if it's bound to AD or not.
#!/bin/bash
#################################################################################
#                                                                               #
# Author: Calum Hunter                                                          #
# Date: 22-08-2016                                                              #
# Version: 1.0                                                                  #
# Purpose: Install check script for the AD Bind Package.                        #
# This script checks to see if we are bound to AD and if our binding            #
# is working. If we are not bound, or our binding is broken,                    #
# we rebind.                                                                    #
# Exit 1 = Do _NOT_ attempt a rebind. Everything is groovy baby                 #
# Exit 0 = Rebind, something is not right with our binding                      #
#                                                                               #
#################################################################################
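# Set up logging: from here on, stdout and stderr are mirrored into LOG_FILE.
LOG_FILE=/tmp/ad_bind_install_check.log
# /tmp is world-writable and this check normally runs as root, so refuse to
# write through a symlink planted at the log path (touch/rm/>> would all follow
# it). Exit 1 is the script's "do not rebind" result, the safe default.
# NOTE(review): a check-then-use gap remains; a root-owned log directory would
# close it entirely.
if [ -L "$LOG_FILE" ]; then
  echo "$(date "+%a %b %d %H:%M:%S")" "*** Refusing to use symlinked log file: $LOG_FILE ***" >&2
  exit 1
fi
touch "$LOG_FILE"
# Size in kilobytes; rotate (truncate) once the log passes 1 MiB.
LOG_FILE_SIZE=$(du -k "$LOG_FILE" | awk '{print $1}')
if [ "${LOG_FILE_SIZE:-0}" -gt 1024 ]; then
  rm "$LOG_FILE"
  echo "$(date "+%a %b %d %H:%M:%S")" "*** Log file rotated ***" >> "$LOG_FILE"
fi
# Tee both streams into the log while still passing them through.
exec > >(tee -a "${LOG_FILE}")
exec 2> >(tee -a "${LOG_FILE}" >&2)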
# Site-specific settings (placeholders; fill in before deploying).
# Host that must answer ping before any binding check is attempted.
LDAP_TEST='your.ad.server'
# Directory account used to prove the binding can resolve users.
TEST_ACCOUNT='an_ad_account'
# NetBIOS-style domain name as it appears under /Active Directory/ in dscl.
DOMAIN='YOURDOMAIN'
# DNS-style domain name as reported by `dsconfigad -show`.
DOMAIN_FRIENDLY='Your.Domain'
#######################################
# Final test: can the directory resolve TEST_ACCOUNT via id(1)?
# Globals:   TEST_ACCOUNT (read)
# Outputs:   a timestamped [FAIL] line on stdout when the lookup fails
# Exits:     1 if the lookup works (leave the binding alone),
#            0 if it fails (the installer should rebind)
#######################################
ID_CHECK_TEST() {
  local stamp
  stamp=$(date "+%a %b %d %H:%M:%S")
  if id "$TEST_ACCOUNT" > /dev/null; then
    # Account resolved: the existing binding answers queries, nothing to do.
    exit 1
  fi
  echo "$stamp" " [FAIL] - ID test failed! Unable to resolve user account using ID. We need to rebind."
  exit 0
}
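# Reachability gate: if the AD server cannot be pinged there is nothing to
# test (or fix), so exit 1 = no action. Flags are the macOS ping(8) form:
# -q quiet, -o stop after the first reply, -c2 at most two probes, -t 6 overall
# timeout in seconds.
ping -qoc2 -t 6 "$LDAP_TEST" > /dev/null
PING_RESULT=$?
if [ "$PING_RESULT" != "0" ]; then
  echo "$(date "+%a %b %d %H:%M:%S")" " [FAIL] Ping test failed. Exiting 1 - No action to take. Exiting 1 here."
  exit 1
fi
# Is the machine bound to the domain we expect? Compare the last field of the
# "Active Directory Domain" line from dsconfigad -show against DOMAIN_FRIENDLY.
CONFIGURED_DOMAIN=$(dsconfigad -show | awk '/Active Directory Domain/{ print $NF }')
if [[ "$CONFIGURED_DOMAIN" == "$DOMAIN_FRIENDLY" ]]; then
  # Bound to the right domain. Next: does the computer account's keychain
  # item exist? (Only its presence is checked; -w is not used, so no secret
  # is printed into the log.)
  security find-generic-password -l "/Active Directory/$DOMAIN" | grep -q "Active Directory"
  SECURITY_TEST=$?
  if [ "$SECURITY_TEST" == "0" ]; then
    # Keychain item present: prove the binding can actually answer a query.
    # Only stdout is silenced; dscl's stderr still reaches the log.
    dscl "/Active Directory/$DOMAIN/All Domains" -read "/Users/$TEST_ACCOUNT" > /dev/null
    DSCL_READ_TEST=$?
    if [ "$DSCL_READ_TEST" == "0" ]; then
      # Successful lookup of the test account: AD communication works, no rebind.
      exit 1
    elif [ "$DSCL_READ_TEST" == "56" ]; then
      # dscl status 56 is treated by the author as "bound but cannot talk to AD";
      # confirm with the id(1) check before deciding to rebind.
      echo "$(date "+%a %b %d %H:%M:%S")" " [FAIL] DSCL read test matched error code 56. unable to communicate with AD."
      ID_CHECK_TEST
    else
      # Any other dscl failure: log the code and fall through to the id(1) check.
      echo "$(date "+%a %b %d %H:%M:%S")" " [FAIL] dscl read test gave error code: $DSCL_READ_TEST"
      ID_CHECK_TEST
    fi
  else
    # No AD keychain item (or the security lookup itself failed): likely rebind.
    echo "$(date "+%a %b %d %H:%M:%S")" " [FAIL] No AD keychain found!"
    ID_CHECK_TEST
  fi
else
  # Not bound, or bound to a different domain: likely rebind.
  echo "$(date "+%a %b %d %H:%M:%S")" " [FAIL] dsconfigad -show isn't matching $DOMAIN_FRIENDLY."
  ID_CHECK_TEST
fi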