Executing a powershell script from Linux IDM Server

So I haven't done a lot with PowerShell and noticed that it is supported on Linux. Has anybody worked with it and knows if we can trigger it with Java? I am assuming the biggest question is if the right cmdlets are there. We are trying to talk to each domain controller to get last login information for users to populate eDir.

xmlns:runtime="www.novell.com/.../java.lang.Runtime"

 

  • Verified Answer

    I installed PowerShell 7 on the SLES 12 server (even though it is not an officially supported platform).

    I found a number of limitations for this PowerShell implementation.

    AzureAD and MSOnline modules can be "installed", but are still not functional.

    Previously MS promised that it would work in the next version, but now they just don't include these modules in the list of the modules supported on the Linux platform.

    I'm not sure about AD cmdlets.

    Side question: why not use an LDAP query to retrieve the "LastLogin" information from AD?

    For example:

    ldapsearch -h domain.test -p 389 -D "cn=login,ou=test,dc=domain,dc=test" -w "passwd" -s sub -b "ou=Test,dc=domain,dc=test" "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)(lastlogontimestamp>=131550784796762354))" samAccountName lastlogontimestamp

  • Attributes for AD Users : lastLogonTimestamp
    The Active Directory attribute lastLogonTimestamp shows the exact timestamp of the user's last successful domain authentication. In contrast to the lastLogon attribute, the lastLogonTimestamp is replicated between all domain controllers in the domain - but only if the value is older than 14 days (minus a random percentage of 5 days). This restriction was designed to avoid network bandwidth usage by AD replication. So the lastLogonTimestamp value is rather suitable to show us the accounts which haven't been active for a long time.
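
Added example, not part of the thread: shell helpers for the lastLogonTimestamp values that the ldapsearch query above returns. They convert the Windows FILETIME ticks to Unix time, build a cutoff filter, and parse the LDIF output. The function names, the sample entries, and the `-H ldaps://` / `-y` password-file invocation in the final comment (which keeps the bind password off the command line and the bind off plain port 389) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. AD stores lastLogonTimestamp as a
# Windows FILETIME: 100-ns ticks since 1601-01-01 00:00:00 UTC.
EPOCH_DIFF=11644473600   # seconds from 1601-01-01 to 1970-01-01

# 131550784796762354 -> 1510604879 (2017-11-13 20:27:59 UTC)
filetime_to_epoch() { echo $(( $1 / 10000000 - $EPOCH_DIFF )); }
epoch_to_filetime() { echo $(( ($1 + $EPOCH_DIFF) * 10000000 )); }

# Filter for user accounts with no replicated logon in the last $1 days.
# $2 = "now" as Unix epoch (optional, for reproducible runs).
# The replicated value can lag by about two weeks, so use a larger window.
stale_filter() {
    now=${2:-$(date +%s)}
    cutoff=$(epoch_to_filetime $(( $now - $1 * 86400 )))
    echo "(&(objectCategory=person)(objectClass=user)(lastLogonTimestamp<=$cutoff))"
}

# Read ldapsearch LDIF on stdin, print "<sAMAccountName> <epoch|never>".
# Attribute names are matched case-insensitively; the tick arithmetic is done
# by the shell because awk doubles cannot hold an 18-digit value exactly.
ldif_to_logons() {
    awk '
        function emit() { if (name != "") print name, (ts == "" ? "-" : ts); name = ts = "" }
        { key = tolower($1) }
        key == "samaccountname:"     { name = $2 }
        key == "lastlogontimestamp:" { ts = $2 }
        /^$/ { emit() }
        END  { emit() }
    ' | while read -r name ts; do
        case $ts in
            -|0) echo "$name never" ;;
            *)   echo "$name $(filetime_to_epoch "$ts")" ;;
        esac
    done
}

# Constructed sample output (two entries, the second has never logged on).
SAMPLE_LDIF='dn: CN=Alice Example,OU=Test,DC=domain,DC=test
sAMAccountName: alice
lastLogonTimestamp: 131550784796762354

dn: CN=Bob Example,OU=Test,DC=domain,DC=test
sAMAccountName: bob'

# Live use (assumed bind DN variable and password file):
#   ldapsearch -LLL -x -H ldaps://domain.test -D "$BIND_DN" -y /path/to/pwfile \
#     -b "ou=Test,dc=domain,dc=test" "$(stale_filter 90)" \
#     sAMAccountName lastLogonTimestamp | ldif_to_logons
```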