Monitor AD Group for Changes
The purpose of this one is to monitor an AD group and, when a user is added, create a Google Authentication secret and email it to the new user. The process breaks down into the following pieces:
- Create a baseline
- Every X minutes read the group and compare to the baseline
- If a difference is detected, kick off a script
- Update the baseline with the new user.
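With this in mind, the following covers steps 1 and 4.
- Assuming you are already enrolled in a domain using SSSD:
# Dump the group entry (name:*:GID:member1,member2,...) into the baseline file
getent group security_group@your.domain > /baseline
# Strip the "name:*:GID:" prefix; the * is escaped so sed matches it literally
sed -i 's|security_group@your.domain:\*:<GID here>:||' /baseline
# Put each member on its own line
sed -i 's/,/\n/g' /baseline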
- Now that we have a baseline, let's read from the group and check whether there are changes
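One way to do the compare, trigger and baseline update in a single POSIX shell function. This is an added example, not the original page's script: the function names, the `on_new_member` hook and the exit code 2 are assumptions, and the baseline file is expected to hold one member per line as built above.

```shell
#!/bin/sh
# Added example, not from the original page. GROUP, BASELINE and the
# on_new_member hook are assumptions; adjust them to your environment.
GROUP='security_group@your.domain'
BASELINE='/baseline'

# One "name:passwd:gid:m1,m2,..." getent line on stdin -> sorted unique members.
parse_members() {
    cut -d: -f4 | tr ',' '\n' | sed '/^$/d' | LC_ALL=C sort -u
}

# Hypothetical hook: replace the body with the script to run per new user.
on_new_member() {
    printf 'new member: %s\n' "$1"
}

# $1 = getent line, $2 = baseline file.
# Runs the hook for every member that is in the group but not in the
# baseline, then replaces the baseline with the current membership.
check_group() {
    # An empty lookup (for example SSSD offline) or a missing baseline must
    # not overwrite anything: otherwise the next successful run would treat
    # every existing member as new.
    [ -n "$1" ] && [ -f "$2" ] || return 2
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$1" | parse_members > "$tmp/cur"
    LC_ALL=C sort -u "$2" > "$tmp/old"
    # comm -13 prints lines that appear only in the second (current) file.
    LC_ALL=C comm -13 "$tmp/old" "$tmp/cur" > "$tmp/add"
    rc=0
    while IFS= read -r user; do
        # </dev/null keeps the hook from consuming the rest of the list.
        on_new_member "$user" </dev/null || rc=1
    done < "$tmp/add"
    # Update the baseline only if every hook succeeded, so that a failed
    # run is retried on the next pass instead of being silently skipped.
    if [ "$rc" -eq 0 ]; then
        cp "$tmp/cur" "$2.new" && mv -f "$2.new" "$2" || rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Typical call from cron every X minutes:
#   check_group "$(getent group "$GROUP")" "$BASELINE"
```

Members removed from the group drop out of the baseline on the next successful run, so a user who is removed and later re-added is treated as new again.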