9 May,16 at 11:30 AM
[root@RHEL64 ~]# adedit
>bind domain.test Administrator
Administrator@DOMAIN.TEST's password:
>slz "CN=Global,CN=Zones,CN=Centrify,CN=Program Data,DC=domain,DC=test"
2, List out the zone users of currently selected zone.
>lszu
test@domain.test:test:1451229684:2147483648:%{u:displayName}:%{home}/%{user}:%{shell}:
...
3, Select the problematic zone user as current user.
>slzu {test@domain.test}
4, Retrieve the AD object based on the value of addn retrieved from the currently selected zone user and store the object in memory.
>slo [gzuf addn]
5, Convert security descriptor (SD) in SDDL format retrieved from currently selected object to a human-readable form.
>explain_sd [gof sd]
Owner: Domain Admins
Group: Domain Admins
Dacl: protected (no inheritance),inherit supported,
Allow | | read property, | User-Account-Restrictions | inetOrgPerson | pre win2k
... ...
ADEdit Command Reference and Scripting Guide
Abbreviation and Command Syntax :
slz = select_zone
lszu = list_zone_users
slzu = select_zone_user
slo = select_object
gzuf = get_zone_user_field
gof = get_object_field