View the current configuration of Active Directory
The Blue Cedar Connect Gateway provides several commands for monitoring the status of the Active Directory server. The template is:
> show status operational context default aaa-operational active-directory-status option
The active-directory-status option can take one of two values:
- overall: General status
- user-cache: Active credential cache of users currently logged in to the Active Directory server
To view the general status of the Active Directory server that the gateway is currently joined to, use this template:
Template
> show status operational context default aaa-operational active-directory-status overall
Note: If you have hundreds or thousands of users connected to the gateway while you run this command, the output for this CLI command can be very long.
Output
overall "LSA Server Status:
Compiled daemon version: 7.5.1.1517
Packaged product version: 7.5.1517.65987
Uptime: 0 days 1 hours 47 minutes 28 seconds
[Authentication provider: lsa-activedirectory-provider]
Status: Online
Mode: Un-provisioned
Domain: EXAMPLE.COM
Domain SID: S-1-5-21-897520681-3725138770-4014864842
Forest: example.com
Site: Default-First-Site-Name
Online check interval: 300 seconds
[Trusted Domains: 1]
[Domain: CH]
DNS Domain: example.com
Netbios name: CH
Forest name: example.com
Trustee DNS name:
Client site name: Default-First-Site-Name
Domain SID: S-1-5-21-897520681-3725138770-4014864842
Domain GUID: b3375b51-f2c4-354c-b6b5-072a2dc73cfa
Trust Flags: [0x000d]
[0x0001 - In forest]
[0x0004 - Tree root]
[0x0008 - Primary]
Trust type: Up Level
Trust Attributes: [0x0000]
Trust Direction: Primary Domain
Trust Mode: In my forest Trust (MFT)
Domain flags: [0x0001]
[0x0001 - Primary]
[Domain Controller (DC) Information]
DC Name: bonanza.example.com
DC Address: 10.42.32.12
DC Site: Default-First-Site-Name
DC Flags: [0x000003fd]
DC Is PDC: yes
DC is time server: yes
DC has writeable DS: yes
DC is Global Catalog: yes
DC is running KDC: yes
[Global Catalog (GC) Information]
GC Name: bonanza.example.com
GC Address: 10.42.32.12
GC Site: Default-First-Site-Name
GC Flags: [0x000003fd]
GC Is PDC: yes
GC has writeable DS: yes
GC is running KDC: yes";
To view the active credential cache of users currently logged in to the Active Directory server, use this template:
Template
> show status operational context default aaa-operational active-directory-status user-cache
Note: If you have hundreds or thousands of users connected to the gateway while you run this command, the output for this CLI command can be very long.
Output
user-cache "User object [1] (S-1-5-21-897520681-3725138770-4014864842-14195)
============
Enabled: yes
Distinguished name: CN=chuser5555,CN=Users,DC=EXAMPLE,DC=EXAMPLE.COM
SAM account name: chuser5555
NetBIOS domain name: CH
UPN: chuser5555@EXAMPLE.COM
Display Name: chuser5555
Alias: <null>
UNIX name: chuser5555
GECOS: chuser5555
Shell: /bin/sh
Home directory: /home/local/CH/chuser5555
Windows home directory: <null>
Local windows home directory:
UID: 1733310323
Primary group SID: S-1-5-21-897520681-3725138770-4014864842-513
Primary GID: 1733296641
Password expired: no
Password never expires: yes
Change password on next logon: no
User can change password: yes
Account disabled: no
Account expired: no
Account locked: no
User object [2] (S-1-5-21-897520681-3725138770-4014864842-15640)
============
Enabled: yes
Distinguished name: CN=chuser7000,CN=Users,DC=EXAMPLE,DC=EXAMPLE.COM
SAM account name: chuser7000
NetBIOS domain name: CH
UPN: chuser7000@EXAMPLE.COM
Display Name: chuser7000
Alias: <null>
UNIX name: chuser7000
GECOS: chuser7000
Shell: /bin/sh
Home directory: /home/local/CH/chuser7000
Windows home directory: <null>
Local windows home directory:
UID: 1733311768
Primary group SID: S-1-5-21-897520681-3725138770-4014864842-513
Primary GID: 1733296641
Password expired: no
Password never expires: yes
Change password on next logon: no
User can change password: yes
Account disabled: no
Account expired: no
Account locked: no
Total users found: 2";
To view both the general status of the Active Directory server that the gateway is currently joined to and the active credential cache of users currently logged in to it, use this template:
Template
> show status operational context default aaa-operational active-directory-status
Note: If you have hundreds or thousands of users connected to the gateway while you run this command, the output for this CLI command can be very long.
Output
active-directory-status {
overall "LSA Server Status:
Compiled daemon version: 7.5.1.1517
Packaged product version: 7.5.1517.65987
Uptime: 3 days 3 hours 42 minutes 3 seconds
[Authentication provider: lsa-activedirectory-provider]
Status: Online
Mode: Un-provisioned
Domain: EXAMPLE.COM
Domain SID: S-1-5-21-897520681-3725138770-4014864842
Forest: example.com
Site: Default-First-Site-Name
Online check interval: 300 seconds
[Trusted Domains: 1]
[Domain: CH]
DNS Domain: example.com
Netbios name: CH
Forest name: example.com
Trustee DNS name:
Client site name: Default-First-Site-Name
Domain SID: S-1-5-21-897520681-3725138770-4014864842
Domain GUID: b3375b51-f2c4-354c-b6b5-072a2dc73cfa
Trust Flags: [0x000d]
[0x0001 - In forest]
[0x0004 - Tree root]
[0x0008 - Primary]
Trust type: Up Level
Trust Attributes: [0x0000]
Trust Direction: Primary Domain
Trust Mode: In my forest Trust (MFT)
Domain flags: [0x0001]
[0x0001 - Primary]
[Domain Controller (DC) Information]
DC Name: bonanza.example.com
DC Address: 10.42.32.12
DC Site: Default-First-Site-Name
DC Flags: [0x000003fd]
DC Is PDC: yes
DC is time server: yes
DC has writeable DS: yes
DC is Global Catalog: yes
DC is running KDC: yes
[Global Catalog (GC) Information]
GC Name: bonanza.example.com
GC Address: 10.42.32.12
GC Site: Default-First-Site-Name
GC Flags: [0x000003fd]
GC Is PDC: yes
GC is time server: yes
GC has writeable DS: yes
GC is running KDC: yes";
user-cache "User object [1] (S-1-5-21-897520681-3725138770-4014864842-15640)
============
Enabled: yes
Distinguished name: CN=chuser7000,CN=Users,DC=ch,DC=acme,DC=local
SAM account name: chuser7000
NetBIOS domain name: CH
UPN: chuser7000@CH2.ACME.LOCAL
Display Name: chuser7000
Alias: <null>
UNIX name: chuser7000
GECOS: chuser7000
Shell: /bin/sh
Home directory: /home/local/CH/chuser7000
Windows home directory: <null>
Local windows home directory:
UID: 1733311768
Primary group SID: S-1-5-21-897520681-3725138770-4014864842-513
Primary GID: 1733296641
Password expired: no
Password never expires: yes
Change password on next logon: no
User can change password: yes
Account disabled: no
Account expired: no
Account locked: no
User object [5] (S-1-5-21-897520681-3725138770-4014864842-8642)
============
Enabled: yes
Distinguished name: CN=chuser0002,CN=Users,DC=ch,DC=acme,DC=local
SAM account name: chuser0002
NetBIOS domain name: CH
UPN: chuser0002@CH2.ACME.LOCAL
Display Name: chuser0002
Alias: <null>
UNIX name: chuser0002
GECOS: chuser0002
Shell: /bin/sh
Home directory: /home/local/CH/chuser0002
Windows home directory: <null>
Local windows home directory:
UID: 1733304770
Primary group SID: S-1-5-21-897520681-3725138770-4014864842-513
Primary GID: 1733296641
Password expired: no
Password never expires: yes
Change password on next logon: no
User can change password: yes
Account disabled: no
Account expired: no
Account locked: no
Total users found: 5";
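The user-cache output above (from the user-cache command and from the combined command) is a list of "User object [N] (SID)" blocks of key: value fields. The following is an added Python example, not part of this documentation or the gateway's own tooling, that parses that layout and reports cached entries whose account flags merit review; the sample text it runs on is constructed from the output shown on this page, with the second object altered so the check has something to report.

```python
import re
# Constructed sample modelled on the user-cache output shown on this page; the second
# object is altered to a locked, password-expired account so the review check fires.
SAMPLE_USER_CACHE = '''user-cache "User object [1] (S-1-5-21-897520681-3725138770-4014864842-14195)
============
SAM account name: chuser5555
Password expired: no
Password never expires: yes
Account locked: no
User object [2] (S-1-5-21-897520681-3725138770-4014864842-15640)
============
SAM account name: chuser7000
Password expired: yes
Password never expires: no
Account locked: yes
Total users found: 2"
'''

USER_HEADER = re.compile(r"User object \[(\d+)\] \((S-1-5-[\d-]+)\)")
TRAILER = re.compile(r"Total users found: (\d+)")

def parse_user_cache(text):
    """Return (users, reported_total): one dict per cached object, plus the trailer count."""
    users, current, total = [], None, None
    for raw in text.splitlines():
        line = raw.strip().strip('"')        # the first/last lines carry the CLI's quotes
        m = USER_HEADER.search(line)
        if m:
            current = {"index": int(m.group(1)), "sid": m.group(2)}
            users.append(current)
        elif (t := TRAILER.match(line)):
            total = int(t.group(1))
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # "Home directory: /home/..." keeps its slashes
            current[key.strip()] = value.strip()
    return users, total
# Cache entries a defender should review: locked, disabled or expired accounts should
# not still be backing sessions, and non-expiring passwords escape rotation policy.
REVIEW_FLAGS = ("Account locked", "Account disabled", "Account expired",
                "Password expired", "Password never expires")

def flag_users(users):
    """Map SAM account name -> the review flags set to 'yes'; clean accounts are omitted."""
    findings = {}
    for u in users:
        hits = [f for f in REVIEW_FLAGS if u.get(f, "no").lower() == "yes"]
        if hits:
            findings[u.get("SAM account name", u["sid"])] = hits
    return findings
```

Comparing the reported total against the number of objects parsed is a quick way to confirm that a very long output was captured completely before acting on it.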