11 April,19 at 09:29 PM
Question:
How to query from the UNIX client for all Zones and machines in those Zones using ldapsearch?
Answer:
#Get all Centrify Zones
/usr/share/centrifydc/bin/ldapsearch -m -QQQ -LLL -H LDAP:// -b "dc=centrify,dc=dt" "(&(|(displayName=\$cimszoneversion*))(objectclass=container))" dn | egrep -v '(\#|^$)'
To search for all computers in a particular zone, add CN=Computers in front of the zone's DN (e.g. -b "CN=Computers,$ZoneDN") and run the command below:
#Get all machines for a given Zone
/usr/share/centrifydc/bin/ldapsearch -m -QQQ -LLL -H LDAP:// -b "CN=Computers,$ZONEDN” "(&(displayName=\$cimscomputerversion*)(objectclass=serviceConnectionPoint))" dn | egrep -v '(\#|^$)'
The script can be easily modified for users and groups, but note that the cimsversion filter will need to be updated from what is shown above.
KB-20210: Common Questions Regarding Centrify DirectControl and CoreOS
KB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role?
KB-6041: How to show current license type in use by adclient
KB-6040: How to change the license type in use after adclient successful joined to the AD?
KB-6056: How to report the group policy settings that are in effect for the local computer?
KB-6038: How to specify the license type to use when joining the server to AD using adjoin?
KB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0)
[TIPS] A Centrify Server Suite Cheat Sheet
KB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out?