#!/bin/bash
#set -x
#trap read debug
# Subject: RE: [External] Incident INC7069358 has been assigned to you. Priority: 3 - Moderate Client: ALSC Description: Servers joined with Winbind - Not joined
#
# The problem is that the incorrect UID mapping is being preserved after the migration.
# Deleting the home directory folders may help for standalone users, but not for existing applications.
#
# The only option that comes to mind is to record every UID that existed before the migration.
# For example, record the owner and UID of each file:
#
# User | UUID
# UserA;100010101
# UserB;100010012
#
# After recording this, run a find for any file with that UID and change its owner to the matching user name (e.g. UserA).
#
# Regards,
#
# ________________________________________________________________
# Somebody
# script by Hernán De León
# 2018
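#run as root or exit
# Compare the effective UID instead of grepping `whoami` output: the original
# `grep -v "root"` form treats any user name that merely contains "root" as root.
if [ "$(id -u)" -ne 0 ]; then
  echo "Run this script as ROOT user"
  exit 1
fi
# check if winbind is installed
# The original `grep samba winbind` used "winbind" as a file name, so it printed
# a "No such file" error and never matched; search the rpm listing for winbind.
rpm -qa | grep -i "winbind" && echo "Oudated windbind found"
service sssd status
id chef_administrator
# this script is for RH6 instances only; exit on anything else
# Anchor on the release number: a bare `grep 6` also matched e.g. "release 7.6".
grep -q "release 6\." /etc/redhat-release || exit 1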
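#######################################
# Download the AD integration helper from S3 and run it against the first
# nameserver in /etc/resolv.conf. Prompts for a domain-admin user name; the
# helper itself prompts for the password.
# Globals:   sets and exports AD_IP; sets AD_USER
# Returns:   1 if the helper cannot be fetched or no nameserver is found,
#            otherwise the helper's own exit status
#######################################
join_ad(){
  local pkg_dir
  # mktemp instead of a fixed /tmp/AD_packages: a fixed, world-writable path
  # lets any local user pre-create the directory (or a symlink in it) and plant
  # the file that root is about to chmod +x and execute.
  pkg_dir=$(mktemp -d /tmp/AD_packages.XXXXXX) || { echo "ERROR: cannot create a temporary directory"; return 1; }
  cd "$pkg_dir" || return 1
  # -f makes curl fail on an HTTP error instead of saving the error page as the
  # script; the "Access Denied" check catches an S3 denial returned with 200.
  if ! curl -fsSL -O https://s3.amazonaws.com/software-installable-bin/Linux_Scripts/linux_ad_integration.sh \
     || head linux_ad_integration.sh | grep -q "Access Denied"; then
    echo "ERROR: Please whitelist the instance IP in the C3 pfSense to download the linux_ad_integration script."
    return 1
  fi
  # NOTE(review): the helper is fetched over TLS and run as root with no checksum
  # or signature check; pin a known hash here once one is published for it.
  # ASKS for AD Credentials:
  echo "Insert user with \"domain admin\" rights"; read -r AD_USER
  # echo "Password:"; read AD_PSSWD --> the script will ask for a password
  ##Get the Active Directory IP from resolv.conf
  AD_IP=$(grep -m 1 nameserver /etc/resolv.conf | awk '{printf $2}')
  export AD_IP
  if [ -z "$AD_IP" ]; then
    echo "ERROR: no nameserver entry found in /etc/resolv.conf"
    return 1
  fi
  echo "AD IP: $AD_IP"
  #telnet $AD_IP 389
  chmod +x linux_ad_integration.sh
  ./linux_ad_integration.sh --cleanoldconfigs
  # Run without `bash -x`: the helper reads the AD password interactively and an
  # xtrace would echo every command line that carries it to the terminal/log.
  bash linux_ad_integration.sh --install "$AD_IP" "$AD_USER" # $AD_PSSWD --> the script will ask for a password
}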
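#sssd is running or install it!
service sssd status || join_ad
#sssd is running or exit
service sssd status || exit 1
#AD is working or exit
id chef_administrator || exit 1
echo "AD INTEGRATION IS WORKING"
# create the work folder
# mktemp rather than a fixed /tmp/USERS_UID: the original ignored a failing
# mkdir, so a directory pre-created by any local user (with its own files or
# symlinks in it) would be where root later reads the path lists it feeds to
# chown -R. mktemp -d creates a fresh, root-only (0700) directory.
MyFolder=$(mktemp -d /tmp/USERS_UID.XXXXXX) || exit 1
# Snapshot /home ownership before any change. The original ran `ls -al` on
# the current directory, which is not /home at this point (cf. the final
# `ls -al /home` at the end of the script).
ls -al /home | tee "$MyFolder/home_ownership_found.txt"
echo "Get users name"
# List ONLY folders in /home, one basename per line, sorted. The shell glob
# replaces the ls | rev | cut | rev pipeline and tolerates odd names.
cd /home/ || exit 1
for d in */; do
  [ -d "$d" ] || continue   # an unmatched glob leaves the literal "*/"
  printf '%s\n' "${d%/}"
done | sort > "$MyFolder/USERNAME_LIST.txt"
echo "get users id"
# One line per user, in the same order as USERNAME_LIST.txt. For unknown users
# `id` prints "No such user" on stderr, which is kept so the two lists stay
# line-aligned for the paste below.
while IFS= read -r u; do
  id -u "$u"
done < "$MyFolder/USERNAME_LIST.txt" &> "$MyFolder/UID_LIST.txt"
grep -i "No such user" "$MyFolder/UID_LIST.txt" > "$MyFolder/Users_not_in_AD.txt"
echo "join both into a table"
paste "$MyFolder/UID_LIST.txt" "$MyFolder/USERNAME_LIST.txt" | grep -iv "No such user" | sort -n > "$MyFolder/USERS_TABLE.txt"
cat "$MyFolder/USERS_TABLE.txt"
echo "Folders without users in AD"
cat "$MyFolder/Users_not_in_AD.txt"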
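#######################################
# Recursively chown every path under / whose file name equals the user name
# to that user's AD account and primary group.
# Globals (read): f (user name), MyID, MyGROUP, MyFolder
# Outputs:  $MyFolder/owned_by_<user>.txt      - paths found
#           $MyFolder/owned_by_<user>_changed.log - chown -v output
#######################################
change_ownership() {
  local path_list="$MyFolder/owned_by_$f.txt"
  # ${f}_changed: the original `$f_changed` expanded the (unset) variable
  # f_changed, so every user's log was written to owned_by_.log and each run
  # of tee overwrote the previous user's log.
  local change_log="$MyFolder/owned_by_${f}_changed.log"
  local path
  echo "############################################-- Scanning, Please Wait --###########################################"
  echo "# User Name is $f"
  echo "# User ID is $MyID"
  # printf: plain echo printed the "\n\n" literally.
  printf '# Primary Group is %s \n\n' "$MyGROUP"
  echo "### Search folders owned by $f"
  # NOTE(review): -name matches by *file name*, not by owner, so anything on the
  # system called "$f" (not only the home directory) is chowned below. Matching
  # the pre-migration UID (find / -uid OLD_UID) is what the header comment
  # describes; confirm which behaviour is intended before widening the search.
  find / -name "$f" > "$path_list" 2>/dev/null
  echo "### Changing folders ownership if needed"
  # Read the list line by line instead of `xargs -L1` so paths that contain
  # spaces are passed to chown intact.
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    chown -Rv -- "$f:$MyGROUP" "$path"
  done < "$path_list" 2>&1 | tee "$change_log"
}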
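# Search folders for each user in /home and re-own them to the AD account.
# Local accounts (UID at or below MIN_AD_UID, default 10000 as in the original
# check) and names that do not resolve through AD are skipped.
MIN_AD_UID="${MIN_AD_UID:-10000}"
# Read the list line by line: the original `for f in $(cat ...)` word-split the
# names, and its ' root ' / ' ec2-user' patterns carried spaces that a bare
# user name line never matched, so neither account was actually filtered.
while IFS= read -r f; do
  [ -n "$f" ] || continue
  case "$f" in
    root|ec2-user) continue ;;   # never re-own system accounts
  esac
  MyUSERNAME="$f"                              #check username
  MyID=$(id -u "$f" 2>/dev/null) || continue   # "No such user": skip it
  MyGROUP=$(id -gn "$f")                       #check user's primary group, not assume "domain users".
  # Local users have low UIDs; only AD-mapped accounts are rewritten.
  if [ "$MyID" -gt "$MIN_AD_UID" ]; then
    change_ownership
  fi
done < "$MyFolder/USERNAME_LIST.txt"
ls -al /home | tee "$MyFolder/home_ownership_results.txt"
echo "######### Logs and information at $MyFolder"
exit 0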