Symantec IGA

 View Only
  • 1.  List account report ldapsearch or etautil

    Posted Aug 19, 2016 07:55 AM

    Hi Guys good morning,

     

    I need extract information of a endpoint (AD), listing all accounts and groups of user, it is possible using ldapsearch or etautil?

     

    Tks



  • 2.  Re: List account report ldapsearch or etautil

    Broadcom Employee
    Posted Aug 23, 2016 11:46 AM

    Hi,

    I will try to find out if or how it's possible. You may want to consider raising a support case as well.

     

    Thanks,

    Sagi



  • 3.  Re: List account report ldapsearch or etautil

    Posted Sep 01, 2016 11:39 AM

    I am not clear on what information you are trying to extract.

     

    Are you trying to get the list of AD Accounts associated to a Provisioning User?

    Are you trying to get the list of AD groups an AD Account belongs to?

    Are you trying to get the list of AD Accounts on an AD Endpoint?

     

    The linking of a Provisioning User to an AD Account is done via an Inclusion object. You could do an ldapsearch to query that portion of the Provisioning Repository to find out what Accounts are associated to a Provisioning User. You can review the follow document which may help in that regard:

     

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1192585.aspx 

     

    It may be faster to query the DC/Domain itself if you wanted to get the list of AD Accounts in the domain and the groups that those accounts belong to since sending queries to the Provisioning Server would send them to the Connector Server and then down to the DC. Maybe the Microsoft dsget command would help:

     

    Find Groups in Which a User is a Member 

     

    - KennyV