Difference between revisions of "Monitor AD Group for Changes"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) (Created page with "The purpose behind this one is to monitor an AD group, and when an addition is made create a Google Authentication secret and email it to the new user. However the process is...") |
(No difference)
|
Latest revision as of 13:52, 27 September 2016
The purpose behind this one is to monitor an AD group, and when an addition is made create a Google Authentication secret and email it to the new user. However the process is broken down into the following pieces
- Create a baseline
- Every X minutes read the group and compare to the baseline
- If a difference is detected, kick off a script
- Update the baseline with the new user.
With this in mind the following is steps 1 and 4.
- Assuming you are already enrolled in a domain using SSSD
getent group security_group@your.domain > /baseline sed -i 's|security_group@your.domain:*:<GID here>:||' /baseline sed -i 's/,/\n/g' /baseline
- Now that we have a baseline lets read from the group and compare if there are changes
