Monitor AD Group for Changes

From Michael's Information Zone
Revision as of 12:52, 27 September 2016 by Michael.mast

The purpose of this one is to monitor an AD group and, when a member is added, create a Google Authentication secret and email it to the new user. The process breaks down into the following pieces:

  1. Create a baseline
  2. Every X minutes read the group and compare to the baseline
  3. If a difference is detected, kick off a script
  4. Update the baseline with the new user.

With this in mind, the following covers steps 1 and 4.

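  • This assumes you are already enrolled in a domain using SSSD:
# Dump the group entry (name:*:GID:member,member,...) to the baseline file
getent group security_group@your.domain > /baseline
# Strip the "name:*:GID:" prefix; the * must be escaped or sed treats it as a quantifier and nothing matches
sed -i 's|^security_group@your\.domain:\*:<GID here>:||' /baseline
# Put one member per line
sed -i 's/,/\n/g' /baseline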
  • Now that we have a baseline, let's read from the group and check whether anything has changed
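One way to do the comparison and baseline update (steps 2 to 4), as an added example that is not from the original page. The function names and the `ON_ADD` hook path are hypothetical; `GROUP` and `BASELINE` mirror the values used above. The lookup result is passed in as an argument so that an empty answer from `getent` (SSSD offline, mistyped group name) never replaces the baseline, which would otherwise make every member look new on the next run and issue secrets to all of them again.

```shell
#!/bin/sh
# Added example, not the page author's script.
GROUP="${GROUP:-security_group@your.domain}"
BASELINE="${BASELINE:-/baseline}"
ON_ADD="${ON_ADD:-/usr/local/bin/new_member_hook}"   # hypothetical hook script

# Turn one getent line (name:passwd:gid:member,member,...) into a sorted,
# de-duplicated member list, one per line. Cutting field 4 avoids having to
# match the group name and GID with a regex.
members_from_line() {
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' '\n' | sed '/^$/d' | sort -u
}

# Print lines of the current list ($2) that are not in the baseline ($1).
# -x -F compares whole lines as fixed strings, so "bob" never matches "bobby".
# grep exits 1 when there are no additions; that is not an error here.
added_members() {
    grep -vxFf "$1" "$2" || [ $? -eq 1 ]
}

# One polling pass over a getent line ($1). Returns 1 and leaves the baseline
# untouched if the lookup was empty or step 1 (the baseline) was never done.
check_group() {
    [ -n "$1" ] && [ -f "$BASELINE" ] || return 1
    current="$(mktemp)" || return 1
    members_from_line "$1" > "$current"
    added_members "$BASELINE" "$current" > "$current.new"
    while IFS= read -r user; do
        # Step 3: kick off the script. stdin is redirected so the hook
        # cannot swallow the rest of the user list.
        "$ON_ADD" "$user" </dev/null
    done < "$current.new"
    rm -f "$current.new"
    mv "$current" "$BASELINE"    # step 4: the current list is the new baseline
}

# Step 2, run from cron every X minutes:
#   check_group "$(getent group "$GROUP")"
```

Removed members drop out of the baseline silently; only additions reach the hook.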