02-28-2012
"Users log in with their AD accounts and user folders are created locally and pulled from the default new user template that I've modified to suit our environment."
I presume the account credentials are cached locally. If not, then all you have to do is remove the home folder.
If the account credentials are cached locally, then the user can log in without a network connection. You will need to delete the locally cached user account data using the dscl command.
You can try:
dscl localhost -read...
or:
dscl localonly -read...
But dscl . -read... is valid according to the man page for dscl:
man dscl
ldap may be a dead end, as you are binding machines to AD, which doesn't generally require configuring the generic ldap directory service at all.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
hi all, i m tryin to create a new account on the unix work station. do i use 'useradd' command? can u guyz advice on the usage of 'useradd' command as it can comes with 'useradd -D' or 'useradd -e'
thanks :confused: (1 Reply)
Discussion started by: damian
1 Replies
2. Post Here to Contact Site Administrators and Moderators
hi
how to disable the useraccount in aix (should not remove). (1 Reply)
Discussion started by: chomca
1 Replies
3. UNIX for Dummies Questions & Answers
Thanks
AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies
4. Shell Programming and Scripting
Hi, guys. I have two questions:
I need to write a script, which can show all the non-suspended users on system, and suspend the selected user account.
There are two things I am not sure:
1. How can I suspend user's account? What I think is: add a string to the encrypted password in shadow... (2 Replies)
Discussion started by: daikeyang
2 Replies
5. Red Hat
Hi All,
I have a RPM for an Java based application. Currently it works fine.
But recently I want to implement that when newer packages gets installed over the older one, the rpm should only update the older files with the newer one (I know this could be done by rpm -Uvh xxx.rpm), but it... (0 Replies)
Discussion started by: jw_amp
0 Replies
6. Cybersecurity
Please help me identify these user accounts..
bin, lp, nuucp, smbnull, mysql, tftp
Can we remove these user or disable these users?We have to apply the security policy about the user identification.Since it was settup by our vendor long time ago. We do not have these informations about these... (3 Replies)
Discussion started by: rdstkg
3 Replies
7. Red Hat
Hi All,
I want to know is there any way where if i add a user in a centos machine the can be replicated to another centos automatically.
As i have setup DRBD with heartbeat for apache webserver everything is working fine but the only thing im stuck in is about system account for ftp.
Can any... (3 Replies)
Discussion started by: search4u2003
3 Replies
8. Linux
Hi,
i have the following config in the system-auth files
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required ... (2 Replies)
Discussion started by: yprudent
2 Replies
9. HP-UX
I need to check actual date a user was disabled on my HP-UX server.
Audit is claiming the user account was active during the last audit exercise. (7 Replies)
Discussion started by: cyriac_N
7 Replies
dsexport(1) BSD General Commands Manual dsexport(1)
NAME
dsexport -- export records from OpenDirectory
SYNOPSIS
dsexport [--N] [-r record_list] [-e exclude_attributes] [-a address -u username [-p password]] output_file node_path record_type
DESCRIPTION
The dsexport utility exports records from Open Directory.
The first argument is the path to the output file. If the file already exists it will be overwritten.
The second argument is the path to the OpenDirectory node from which the records will be read.
The third argument is the type of record to export. If the record type does not begin with 'dsRecTypeStandard:' or 'dsRecTypeNative:', the
dsexport utility will determine if the node supports a standard attribute by the specified name; otherwise, dsexport will assume that the
record type is native. A warning will be printed if the record type is converted. Standard record types can be listed using the following
command: 'dscl -raw . -list /'.
OPTIONS
The options are as follows:
--N Export all attributes, including native attributes. By default, dsexport only exports standard attributes.
-r record_list
Comma-separated list of records to export from the specified node. The -r option may be used multiple times to specify additional
records to export. If the -r option is not specified, dsexport will attempt to export all records.
-e exclude
Comma-separated list of attributes that should not be exported. The -e option may be used multiple times to specify additional
attributes to exclude. The following attributes are always excluded: 'dsAttrTypeStandard:AppleMetaNodeLocation',
'dsAttrTypeStandard:RecordType', 'dsAttrTypeNative:objectClass'.
-a address
Address of the desired proxy machine.
-u username
Username to use for the proxy connection
-p password
Password to use for the proxy connection. If the -p option is not specified, dsexport will interactively prompt for the password.
NOTES
When using an LDAP node, please be aware that dsexport can only export as many records as the LDAP server is willing to return. If the LDAP
server has several thousand users, you may want to raise the maximum number of search results that the server returns. This can be done in
Server Admin (my.server.com>OpenDirectory>Settings>Protocols tab). By default this is set to 11000 results.
EXAMPLES
Export all user records from the local node to 'export.out':
$ dsexport export.out /Local/Default dsRecTypeStandard:Users
Export the group records for 'admin' and 'staff' from the LDAPv3 node on a proxy machine 'proxy.machine.com':
$ dsexport export.out /LDAPv3/127.0.0.1 dsRecTypeStandard:Groups -r admin,staff -a proxy.machine.com -u diradmin -p password
Export augmented users from the LDAPv3 node, including native attributes but excluding the PasswordPlus attribute:
$ dsexport augments.out /LDAPv3/127.0.0.1 dsRecTypeStandard:Augments --N -e "dsAttrTypeStandard:PasswordPlus"
EXIT STATUS
The dsexport utility exits 0 on success, and >0 if an error occurs.
SEE ALSO
dscl(1), dsimport(1), DirectoryService(8)
BSD
20 November 2008 BSD