Password expiration script
Posted: Thu May 21, 2020 3:35 am
Hey, did some debugging on this, as I could not get it to work. Finally figured out that CN=Users only works for the built-in Users OU. When customers have custom OUs, it's OU=Users,OU=CustomerFolder, etc. (Learning LDAP and AD on the fly)
Now that I have that part figured out, I have this running for a few more customers that have their users (thankfully) in a single OU.
However, we have one large multi-site customer that has an OU structure per state. (We inherited that setup, unfortunately.)
And the Habitat AD Passwords Expired inventory seems to be looking only at a single OU.
Is there any option to look at multiple OUs? (Or just any user account on the domain in general, rather than being specific to a single OU?)
I just tested this with the Get-ADUser command, and just running it with -filter * shows me all accounts (i.e., omitting -SearchBase)
Can we make that LDAP directory root field in Habitat optional? If we leave it blank, don't use SearchBase, and if it's entered, limit it to SearchBase?
That would solve a lot of my issues.
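The behaviour asked for above (blank root searches the whole domain, one or more roots limit the search) can be sketched in PowerShell as follows. This is an added example, not part of the original post and not Habitat's own script; the function name Get-ExpiredPasswordUser and the sample distinguished names are hypothetical, and it assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example, not Habitat's script. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-ExpiredPasswordUser {
    [CmdletBinding()]
    param(
        # Zero or more distinguished names to search. Empty = whole domain.
        [string[]]$SearchBase = @()
    )

    # Enabled accounts whose password is allowed to expire.
    $common = @{
        Filter     = 'Enabled -eq $true -and PasswordNeverExpires -eq $false'
        Properties = 'msDS-UserPasswordExpiryTimeComputed'
    }

    # Drop blank entries so an empty form field behaves like "not set".
    $bases = @($SearchBase | Where-Object { -not [string]::IsNullOrWhiteSpace($_) })

    $users = if ($bases.Count -eq 0) {
        Get-ADUser @common    # no -SearchBase: search starts at the domain root
    } else {
        foreach ($base in $bases) {
            Get-ADUser @common -SearchBase $base -SearchScope Subtree
        }
    }

    $now = Get-Date
    $users |
        Sort-Object -Property DistinguishedName -Unique |   # nested bases can overlap
        ForEach-Object {
            $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
            # 0 = must change at next logon; Int64.MaxValue = no expiry applies
            if ($null -eq $raw -or $raw -eq 0 -or $raw -eq [Int64]::MaxValue) { return }
            $expires = [DateTime]::FromFileTime($raw)
            if ($expires -lt $now) {
                [pscustomobject]@{
                    SamAccountName    = $_.SamAccountName
                    DistinguishedName = $_.DistinguishedName
                    PasswordExpired   = $expires
                }
            }
        }
}

# Constructed sample calls (hypothetical per-state OUs):
# Get-ExpiredPasswordUser
# Get-ExpiredPasswordUser -SearchBase 'OU=Users,OU=Texas,DC=example,DC=com','OU=Users,OU=Ohio,DC=example,DC=com'
```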