11 April,19 at 11:50 AM
Centrify ADEdit is a command-line interface (CLI) utility that enables UNIX administrators to manage Centrify objects—such as zones, rights, and roles—in Microsoft Active Directory.
Here's a custom script that will help you change the shell on all the zone users at the same time:
#!/bin/env adedit
package require ade_lib
bind
select_zone
foreach USER [get_zone_users] {
select_zone_user $USER
set_zone_user_field shell "%{shell}"
save_zone_user
}
Before you run it make sure to:
1. Specify the AD domain (in DNS format), Zone admin user and its password at line 5;
2. Specify the zone DN at line 7, see below how to retrieve this info:
3. Change the shell value at line 11 (for example set_zone_user_field shell "/bin/false");
4. Make sure to change the file permissions to allow execution (chmod +x file_name.sh).
KB-6040: How to change the license type in use after adclient successful joined to the AD?
KB-20210: Common Questions Regarding Centrify DirectControl and CoreOS
KB-6041: How to show current license type in use by adclient
KB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role?
How to use the Centrify PowerShell Module to Automate Access and Privilege Operations
[Basics] Centrify Zone schemas, UNIX identity data sourcing and provisioning - Part II
KB-6056: How to report the group policy settings that are in effect for the local computer?
KB-6038: How to specify the license type to use when joining the server to AD using adjoin?
[TIPS] A Centrify Server Suite Cheat Sheet