
Executing a PowerShell script from Linux IDM Server


So I haven't done a lot with PowerShell and noticed that it is supported on Linux. Has anybody worked with it and know if we can trigger it with Java? I am assuming the biggest question is if the right cmdlets are there. We are trying to talk to each domain controller to get last login information for users to populate eDir.

xmlns:runtime="http://www.novell.com/nxsl/java/java.lang.Runtime"

 


Accepted Solutions
Knowledge Partner

I installed PowerShell 7 on the SLES 12 server (even though it is not an officially supported platform).

I found a number of limitations for this PowerShell implementation.

AzureAD and MSOnline modules can be "installed", but are still not functional.

Previously MS promised that it would work in the next version, but now they just don't include these modules in the list of the modules supported on the Linux platform.

I'm not sure about AD cmdlets.

Side question: why not use an LDAP query to receive the "LastLogin" information from AD?

For example:

ldapsearch -h domain.test -p 389 -D "cn=login,ou=test,dc=domain,dc=test" -w "passwd" -s sub -b "ou=Test,dc=domain,dc=test" "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)(lastlogontimestamp>=131550784796762354))" samAccountName lastlogontimestamp

Knowledge Partner
Attributes for AD Users : lastLogonTimestamp
The Active Directory attribute lastLogonTimestamp shows the exact timestamp of the user's last successful domain authentication. In contrast to the lastLogon attribute the lastLogonTimestamp is replicated between all domain controllers in the domain - but only if the value is older than 14 days (minus a random percentage of 5 days). This restriction was designed to avoid network bandwidth usage by AD replication. So the lastLogonTimestamp value is rather suitable to show us the accounts which haven't been active for a long time.
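The ldapsearch query in the accepted solution returns lastLogonTimestamp as a raw integer, and the reply above notes that the value can trail the real logon by up to 14 days. The following is an added example, not code from any poster in this thread: it converts those integers to dates, builds filter values, and lists idle accounts with that lag allowed for. The function names and the sample LDIF are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
REPLICATION_LAG = timedelta(days=14)  # per the thread: stored value may trail by this much

def filetime_to_datetime(ft: int) -> datetime:
    """lastLogonTimestamp counts 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt: datetime) -> int:
    """Inverse conversion, e.g. for the N in a (lastLogonTimestamp>=N) filter."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10

def parse_ldif(text: str) -> dict:
    """Map sAMAccountName -> lastLogonTimestamp (None when the attribute is absent)."""
    result, entry = {}, {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if "samaccountname" in entry:
                ts = entry.get("lastlogontimestamp")
                result[entry["samaccountname"]] = int(ts) if ts else None
            entry = {}
        elif not line.startswith("#") and ": " in line:
            name, value = line.split(": ", 1)
            entry[name.lower()] = value.strip()  # AD attribute names are case-insensitive
    return result

def stale_accounts(entries: dict, now: datetime, max_idle_days: int) -> list:
    """Accounts idle past max_idle_days even allowing for the lag; no value is listed too."""
    cutoff = now - timedelta(days=max_idle_days) - REPLICATION_LAG
    return sorted(user for user, ft in entries.items()
                  if ft is None or filetime_to_datetime(ft) < cutoff)

# Constructed sample in the shape ldapsearch prints (LDIF), not real directory data.
SAMPLE_LDIF = """\
# extended LDIF
dn: CN=Alice,OU=Test,DC=domain,DC=test
sAMAccountName: alice
lastLogonTimestamp: 131550784796762354

dn: CN=Bob,OU=Test,DC=domain,DC=test
sAMAccountName: bob
lastLogonTimestamp: 132539328000000000

dn: CN=Carol,OU=Test,DC=domain,DC=test
sAMAccountName: carol
"""
```

Calling `stale_accounts(parse_ldif(SAMPLE_LDIF), now, 10)` with `now` set to 2021-01-20 UTC leaves out bob: his stored value of 2021-01-01 is more than 10 days old, but the real logon may be up to 14 days newer.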