Listing Users with Universal Passwords

0 Likes
over 14 years ago

Problem



A Forum reader recently asked:



"I need to get a list of all users in a tree that already use universal passwords. We're running eDirectory 8.8 SP1, and I tried to use diagpwd.exe to get the information I need. But diagpwd.exe only gets some of the users; others return an error -1631, though they definitely have a Universal Password set."



And here's the response from Chuck Perilli ...



Solution



We use JRB's GETNAME utility (part of the JRB Utilities package). I wrote a batch file that uses GETNAME to list Universal Password Policies for users, OU's, and O's:




**************************************************************
@echo off
if "%1" == "" goto syntax
if "%1" == "all" goto getall
if "%1" == "ALL" goto getall
getname %
1 /a=nspmPasswordPolicy /n /z /yc /s /l=upwdlist.txt /e=upwdlist.err
goto exit

:getall
getname
* /a=nspmPasswordPolicy /n /yc /s /r /u /x /l=upwdall.txt /e=upwdall.err %
2 %3
getname
* /a=nspmPasswordPolicy /n /yc /s /o="Organization" /r /x /l=upwdall.txt,a
/e=upwdall.err,a %2 %3
getname
* /a=nspmPasswordPolicy /n /yc /s /o="OU" /r /x /l=upwdall.txt,a /e=upwdal
l.err,a %2 %3
if "%2" == "/j" goto copyfile
if "%2" == "/J" goto copyfile
goto exit

:syntax
echo.
echo Syntax is:
echo GETUPWD .empnum.full.context
echo ex: GETUPWD .34567.20000.hq.nfcu
echo ex: GETUPWD .*.30000.hq.nfcu (will list all in 30000 container)
echo (list will be saved to UPWDLIST.TXT)
echo.
echo -or-
echo.
echo To list ALL users with Universal Password to UPWDALL.TXT...
echo GETUPWD all
echo.
goto exit

:copyfile
copy upwdall.txt fromjrb.txt

:exit
**************************************************************


The output looks like this:



.west9.30000.HQ.NFCU     .Prod Universal Password Exceptions.Password
Policies.Security
.00000.HQ.NFCU .Prod Universal Password Policy.Password
Policies.Security
.30000.HQ.NFCU .Prod Universal Password Policy.Password
Policies.Security


This shows U.P. policy applied to OUs 00000 and 30000 with the overiding exception policy applied to user west9.30000. I actually have this job scripted to produce a list of all policy
assignments every night. We keep this history for a week.



JRB has some very nice tools we use on a daily basis.

Labels:

How To-Best Practice
Comment List
Anonymous
Related Discussions
Recommended