Hi All,
I am sure we all come across searching user store and provisioning store on a regular basis. I am going to provide some helpful dxsearch queries that you can use against User Store (CA Directory) and Provisioning Store.
You can run these queries from CA Directory via command line.
Assumptions:
User Store - CA Directory
Base DN: ou=people,dc=ca,dc=com
User Store Port: 389
User Store Admin: uid=imadmin,ou=people,dc=ca,dc=com
User Store Host Name - userstorehostname
Provisioning Store Host Name - provdirhostname
DYN Endpoint - Endpoint1
OS: RHEL
Queries:
Count no. of global users in Provisioning Store:
dxsearch -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTGlobalUserName=* dxEntryCount
Count no. of users in User Store:
dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> uid=* dxEntryCount
Count no. of Accounts in a DYN Endpoint in Provisioning Store:
dxsearch -b "eTDYNDirectoryName=Endpoint1,eTNamespaceName=Endpoint1,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTDYNAccountName=* dxEntryCount
Count no. of Inclusions for an Endpoint in Provisioning Store:
dxsearch -b "eTSubordinateClass=eTDYNAccount,eTSuperiorClass=eTGlobalUser,eTInclusionContainerName=Inclusions,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTSubordinateClassEntry=*eTNamespaceName\=Endpoint1* dxEntryCount
Count no. of Accounts for an Endpoint NOT Correlated to [default user] in Provisioning Store:
dxsearch -LLL -b "eTSuperiorClass=eTGlobalUser,eTInclusionContainerName=Inclusions,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> \(\&\(\!\(eTSuperiorClassEntry=*\[default*\)\)\(eTSubordinateClassEntry=*eTNamespaceName\=Endpoint1*\)\) dxEntryCount
Count no. of Members of a group in User Store:
dxsearch -b "ou=groups,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> cn=Application1 | grep uniqueMember: | wc -l
Search Members dn of a Group in User Store:
dxsearch -b "ou=groups,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> cn=Application1 | grep uniqueMember:
Search Users with a condition in User Store:
Return DN:
dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> country="US" dn
Return Selected Attributes:
dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> country="US" dn uid givenName sn cn
Return Complete Entry:
dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> country="US"
Count:
dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> country="US" dxEntryCount
Complex Condition:
(&(state=Texas)(country=US))
dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> \(\&\(state=Texas\)\(country=US\)\)
Search Global Users with a Provisioning Role in Provisioning Store:
Return dn:
dxsearch -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTRoleDN=*Role1,eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im* dn
Return Complete Entry:
dxsearch -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTRoleDN=*Role1,eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im*
Count:
dxsearch -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTRoleDN=*Role1,eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im* dxEntryCount
PS: \ is used as the escape character on the RHEL command line. It may not be required in the Windows command prompt or in Unix shell scripting.
Thanks,
Praveen Jain
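
Added example (not part of the original post): the group-member queries above filter raw search output with grep, which cuts off any member DN that the output folds onto a continuation line and leaves base64-encoded values unreadable. The sketch below assumes dxsearch output follows standard LDIF (RFC 2849) folding and base64 conventions; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: extract complete member DNs from LDIF search output.

# Join folded lines: in LDIF, a line starting with one space
# continues the previous line.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Print one member DN per line, decoding base64 values
# (written as "uniqueMember:: <base64>" in LDIF).
group_members() {
    unfold_ldif | while IFS= read -r line; do
        case $line in
            "uniqueMember::"*)
                val=${line#uniqueMember::}
                printf '%s' "${val# }" | base64 -d
                echo ;;
            "uniqueMember:"*)
                val=${line#uniqueMember:}
                printf '%s\n' "${val# }" ;;
        esac
    done
}

# Constructed sample of what a group search could return (not real output):
# one folded DN, one base64-encoded DN, one plain DN.
sample_ldif() {
    b64=$(printf '%s' 'uid=renée,ou=people,dc=ca,dc=com' | base64 | tr -d '\n')
    printf '%s\n' \
        'dn: cn=Application1,ou=groups,dc=ca,dc=com' \
        'cn: Application1' \
        'uniqueMember: uid=alice,ou=peo' \
        ' ple,dc=ca,dc=com' \
        "uniqueMember:: $b64" \
        'uniqueMember: uid=bob,ou=people,dc=ca,dc=com'
}

# Real use (query from the post): dxsearch ... cn=Application1 | group_members
sample_ldif | group_members
```

Appending `| wc -l` to `group_members` gives the member count.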