Set UNIX ID Script
This is an extensive script designed to set the UNIX attributes for user and group objects in Active Directory. The script currently sets the values from the Microsoft Services for UNIX 3.5 (MSFU3.5) schema extensions to Active Directory. However, it should be trivial to modify it to use the attributes in Windows Server 2003 R2, MSFU3.0 or other third-party schema extensions.
This script is designed to ease the pain of using Active Directory for your centralized account information. All users and groups must have a UNIX ID (UID or GID) assigned, along with some other meta information. Rather than using the antiquated NIS as recommended by Microsoft with MSFU3.5, we are using nss_ldap with Kerberos authentication. Microsoft does supply a snap-in for Active Directory Users and Computers (nisprop.dll) that allows you to set and modify these UNIX attributes. However, in my environment this snap-in did not function correctly. Also, setting the attributes for a large number of users would be quite tedious if done manually.
This script is designed to be called from the command line to set attributes for a specific user or group. For example:
cscript /nologo setuid.vbs jdoe user
This would set the UNIX attributes for the jdoe user. The numeric UID assigned is the current highest UID value plus one, or ten thousand if no UID is currently defined. The default shell (msSFU30LoginShell), default home directory (msSFU30HomeDirectory) and default GID (msSFU30GidNumber) are all based on default values defined as global variables.
Alternatively, you can set the UNIX attributes for all users and groups in your Active Directory tree with the following command:
cscript /nologo setuid.vbs ALL
This will perform a search for all users and groups that do not currently have UNIX attributes defined and then add these same attributes. We have this command scheduled as a cron job to run periodically to add attributes to newly created users and groups.
Thirdly, it is possible to use this script directly from Active Directory Users and Computers as a replacement for the nisprop.dll snap-in. I would recommend using the snap-in if possible, but this script does offer some benefits, such as being able to define sensible defaults. For more details, please see the source code.
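The allocation rule and the ALL search described above, modelled in Python as an added example (it is not taken from setuid.vbs). It runs over constructed sample entries rather than a live directory, the function names are hypothetical, and the duplicate check is an addition: two runs that read the same highest value would hand out the same UID, and on UNIX two accounts with one UID share file ownership.

```python
# Added example: models the ID-allocation rule on constructed entries.
from collections import defaultdict

DEFAULT_BASE_ID = 9999  # defaultBaseID from the script's configuration block

# Constructed sample data: (distinguishedName, msSFU30UidNumber or None).
SAMPLE_USERS = [
    ("CN=asmith,OU=Staff,DC=DOMAIN,DC=COM", 10000),
    ("CN=bjones,OU=Students,DC=DOMAIN,DC=COM", 10001),
    ("CN=cwhite,OU=Students,DC=DOMAIN,DC=COM", 10001),  # collides with bjones
    ("CN=jdoe,OU=Staff,DC=DOMAIN,DC=COM", None),        # no UNIX attributes yet
]


def next_id(entries, base_id=DEFAULT_BASE_ID):
    """Highest assigned ID plus one, or base_id + 1 when none is assigned."""
    assigned = [uid for _dn, uid in entries if uid is not None]
    return max(assigned) + 1 if assigned else base_id + 1


def missing_ids(entries):
    """DNs with no UNIX ID yet: the objects an ALL run would pick up."""
    return [dn for dn, uid in entries if uid is None]


def duplicate_ids(entries):
    """Map each ID held by more than one object to the DNs that share it."""
    holders = defaultdict(list)
    for dn, uid in entries:
        if uid is not None:
            holders[uid].append(dn)
    return {uid: dns for uid, dns in holders.items() if len(dns) > 1}


if __name__ == "__main__":
    print("next UID:", next_id(SAMPLE_USERS))
    print("no UID yet:", missing_ids(SAMPLE_USERS))
    for uid, dns in sorted(duplicate_ids(SAMPLE_USERS).items()):
        print("UID", uid, "shared by", dns)
```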
Requirements:
- Active Directory schema extended with Microsoft Services for UNIX 3.5 Schema Extensions
- Run by an account with security permissions to modify targeted user and group objects
Instructions:
Modify the lines below to your desired settings and to match your environment:
' ---------------------------------------------------------
' Configuration Variables
' ---------------------------------------------------------
ldapBase = "DC=DOMAIN,DC=COM"
domainName = "DOMAIN"
defaultShell = "/bin/sh"
defaultGidNumber = "10000"
studentGidNumber = "10122"
defaultBaseHomeDir = "/home/staff/"
studentBaseHomeDir = "/home/student/"
studentIdentifier = "OU=Students"
alumnIdentifier = "OU=Alumn"
maxsetIDTries = 20
defaultBaseID = "9999"
Download:
setuid.vbs