The Blue Cedar Connect Gateway provides several commands for monitoring the status of the Active Directory server. The template is:

> show status operational context default aaa-operational active-directory-status option

The option that follows active-directory-status can take two possible values:

  • overall: General status
  • user-cache: Active credential cache of users currently logged in to the Active Directory server

To view the general status of the Active Directory server that the gateway is currently joined to, use this template:

Template

> show status operational context default aaa-operational active-directory-status overall

Note: If you have hundreds or thousands of users connected to the gateway while you run this command, the output for this CLI command can be very long.

Output

overall "LSA Server Status:
  
  Compiled daemon version: 7.5.1.1517
  Packaged product version: 7.5.1517.65987
  Uptime:        0 days 1 hours 47 minutes 28 seconds
  
  [Authentication provider: lsa-activedirectory-provider]
  
  Status:        Online
  Mode:          Un-provisioned
  Domain:        EXAMPLE.COM
  Domain SID:    S-1-5-21-897520681-3725138770-4014864842
  Forest:        example.com
  Site:          Default-First-Site-Name
  Online check interval:  300 seconds
  [Trusted Domains: 1]
  [Domain: CH]

	DNS Domain:       example.com
	Netbios name:     CH
	Forest name:      example.com
	Trustee DNS name:
	Client site name: Default-First-Site-Name
	Domain SID:       S-1-5-21-897520681-3725138770-4014864842
	Domain GUID:      b3375b51-f2c4-354c-b6b5-072a2dc73cfa
	Trust Flags:      [0x000d]
	                  [0x0001 - In forest]
	                  [0x0004 - Tree root]
	                  [0x0008 - Primary]
	Trust type:       Up Level
	Trust Attributes: [0x0000]
	Trust Direction:  Primary Domain
	Trust Mode:       In my forest Trust (MFT)
	Domain flags:     [0x0001]
	                  [0x0001 - Primary]
	[Domain Controller (DC) Information]
		DC Name:              bonanza.example.com
		DC Address:           10.42.32.12
		DC Site:              Default-First-Site-Name
		DC Flags:             [0x000003fd]
		DC Is PDC:            yes
		DC is time server:    yes
		DC has writeable DS:  yes
		DC is Global Catalog: yes
		DC is running KDC:    yes

	[Global Catalog (GC) Information]

		GC Name:              bonanza.example.com
		GC Address:           10.42.32.12
		GC Site:              Default-First-Site-Name
		GC Flags:             [0x000003fd]
		GC Is PDC:            yes
		GC has writeable DS:  yes
		GC is running KDC:    yes";

To view the active credential cache of users currently logged in to the Active Directory server, use this template:

Template

> show status operational context default aaa-operational active-directory-status user-cache

Note: If you have hundreds or thousands of users connected to the gateway while you run this command, the output for this CLI command can be very long.

Output

user-cache "User object [1] (S-1-5-21-897520681-3725138770-4014864842-14195)
============
Enabled: yes
Distinguished name: CN=chuser5555,CN=Users,DC=EXAMPLE,DC=EXAMPLE.COM
SAM account name: chuser5555
NetBIOS domain name: CH
UPN: chuser5555@EXAMPLE.COM
Display Name: chuser5555
Alias: <null>
UNIX name: chuser5555
GECOS: chuser5555
Shell: /bin/sh
Home directory: /home/local/CH/chuser5555
Windows home directory: <null>
Local windows home directory:
UID: 1733310323
Primary group SID: S-1-5-21-897520681-3725138770-4014864842-513
Primary GID: 1733296641
Password expired: no
Password never expires: yes
Change password on next logon: no
User can change password: yes
Account disabled: no
Account expired: no
Account locked: no

User object [2] (S-1-5-21-897520681-3725138770-4014864842-15640)
============
Enabled: yes
Distinguished name: CN=chuser7000,CN=Users,DC=EXAMPLE,DC=EXAMPLE.COM
SAM account name: chuser7000
NetBIOS domain name: CH
UPN: chuser7000@EXAMPLE.COM
Display Name: chuser7000
Alias: <null>
UNIX name: chuser7000
GECOS: chuser7000
Shell: /bin/sh
Home directory: /home/local/CH/chuser7000
Windows home directory: <null>
Local windows home directory:
UID: 1733311768
Primary group SID: S-1-5-21-897520681-3725138770-4014864842-513
Primary GID: 1733296641
Password expired: no
Password never expires: yes
Change password on next logon: no
User can change password: yes
Account disabled: no
Account expired: no
Account locked: no

Total users found: 2";
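The user-cache output above can be reviewed by script rather than by eye. The following Python is an added example, not part of the Blue Cedar documentation or product: it parses captured user-cache output into one record per user and lists the accounts whose password or lockout fields are set to yes. The sample text and the function names parse_user_cache and audit are constructed for illustration.

```python
import re

# Constructed sample in the format of the user-cache output shown above
# (abbreviated to a few fields; SIDs and account names are made up).
SAMPLE = '''user-cache "User object [1] (S-1-5-21-1111111111-2222222222-3333333333-1001)
============
SAM account name: svc-backup
Alias: <null>
Password expired: no
Password never expires: yes
Account locked: no

User object [2] (S-1-5-21-1111111111-2222222222-3333333333-1002)
============
SAM account name: jdoe
Password expired: yes
Password never expires: no
Account locked: yes

Total users found: 2";'''

HEADER = re.compile(r'User object \[(\d+)\] \((S-[\d-]+)\)')
# Fields whose "yes" value is worth a reviewer's attention.
REVIEW_IF_YES = ("Password never expires", "Password expired",
                 "Account disabled", "Account expired", "Account locked")

def parse_user_cache(text):
    """Return (list of per-user dicts, reported 'Total users found' or None)."""
    users, current = [], None
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:  # a new "User object [n] (SID)" block starts here
            current = {"index": int(m.group(1)), "sid": m.group(2)}
            users.append(current)
        elif current is not None and ":" in line and not line.startswith("Total"):
            key, _, value = line.partition(":")
            value = value.strip().rstrip('";').strip()
            current[key.strip()] = None if value in ("", "<null>") else value
    total = re.search(r'Total users found: (\d+)', text)
    return users, int(total.group(1)) if total else None

def audit(users):
    """Return {SAM account name: [review fields that are set to 'yes']}."""
    findings = {}
    for u in users:
        hits = [f for f in REVIEW_IF_YES if u.get(f) == "yes"]
        if hits:
            findings[u.get("SAM account name", u["sid"])] = hits
    return findings
```

Comparing the number of parsed records with the reported total shows whether a long capture was cut short before it reached the script.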

To view both the general status of the Active Directory server that the gateway is currently joined to and the active credential cache of users currently logged in to the Active Directory server, use this template:

Template

> show status operational context default aaa-operational active-directory-status

Note: If you have hundreds or thousands of users connected to the gateway while you run this command, the output for this CLI command can be very long.

Output

active-directory-status {
  overall    "LSA Server Status:

Compiled daemon version: 7.5.1.1517
Packaged product version: 7.5.1517.65987
Uptime:        3 days 3 hours 42 minutes 3 seconds

[Authentication provider: lsa-activedirectory-provider]

	Status:        Online
	Mode:          Un-provisioned
	Domain:        EXAMPLE.COM
	Domain SID:    S-1-5-21-897520681-3725138770-4014864842
	Forest:        example.com
	Site:          Default-First-Site-Name
	Online check interval:  300 seconds
	[Trusted Domains: 1]


	[Domain: CH]

		DNS Domain:       example.com
		Netbios name:     CH
		Forest name:      example.com
		Trustee DNS name:
		Client site name: Default-First-Site-Name
		Domain SID:       S-1-5-21-897520681-3725138770-4014864842
		Domain GUID:      b3375b51-f2c4-354c-b6b5-072a2dc73cfa
		Trust Flags:      [0x000d]
		                  [0x0001 - In forest]
		                  [0x0004 - Tree root]
		                  [0x0008 - Primary]
		Trust type:       Up Level
		Trust Attributes: [0x0000]
		Trust Direction:  Primary Domain
		Trust Mode:       In my forest Trust (MFT)
		Domain flags:     [0x0001]
		                  [0x0001 - Primary]

		[Domain Controller (DC) Information]

			DC Name:              bonanza.example.com
			DC Address:           10.42.32.12
			DC Site:              Default-First-Site-Name
			DC Flags:             [0x000003fd]
			DC Is PDC:            yes
			DC is time server:    yes
			DC has writeable DS:  yes
			DC is Global Catalog: yes
			DC is running KDC:    yes

		[Global Catalog (GC) Information]

			GC Name:              bonanza.example.com
			GC Address:           10.42.32.12
			GC Site:              Default-First-Site-Name
			GC Flags:             [0x000003fd]
			GC Is PDC:            yes
			GC is time server:    yes
			GC has writeable DS:  yes
			GC is running KDC:    yes";
user-cache "User object [1] (S-1-5-21-897520681-3725138770-4014864842-15640)
============
Enabled: yes
Distinguished name: CN=chuser7000,CN=Users,DC=ch,DC=acme,DC=local
SAM account name: chuser7000
NetBIOS domain name: CH
UPN: chuser7000@CH2.ACME.LOCAL
Display Name: chuser7000
Alias: <null>
UNIX name: chuser7000
GECOS: chuser7000
Shell: /bin/sh
Home directory: /home/local/CH/chuser7000
Windows home directory: <null>
Local windows home directory:
UID: 1733311768
Primary group SID: S-1-5-21-897520681-3725138770-4014864842-513
Primary GID: 1733296641
Password expired: no
Password never expires: yes
Change password on next logon: no
User can change password: yes
Account disabled: no
Account expired: no
Account locked: no

User object [5] (S-1-5-21-897520681-3725138770-4014864842-8642)
============
Enabled: yes
Distinguished name: CN=chuser0002,CN=Users,DC=ch,DC=acme,DC=local
SAM account name: chuser0002
NetBIOS domain name: CH
UPN: chuser0002@CH2.ACME.LOCAL
Display Name: chuser0002
Alias: <null>
UNIX name: chuser0002
GECOS: chuser0002
Shell: /bin/sh
Home directory: /home/local/CH/chuser0002
Windows home directory: <null>
Local windows home directory:
UID: 1733304770
Primary group SID: S-1-5-21-897520681-3725138770-4014864842-513
Primary GID: 1733296641
Password expired: no
Password never expires: yes
Change password on next logon: no
User can change password: yes
Account disabled: no
Account expired: no
Account locked: no

Total users found: 5";