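#!/bin/bash
#
# Author: Calum Hunter
# Date: 28/11/2016
# Version: 1.0
# Purpose: To generate a Mac UID from the objectGUID attribute
#          (GeneratedUID) in AD.
#          This uses the same method that the Apple
#          AD Plugin uses
#
## Start by loading up our ldap query variables
#
# Every setting below can be supplied through the environment; the literal
# values are only placeholders used when nothing is exported.
#
# Security notes:
#  - Prefer exporting SVC_ACCOUNT_PASS (or reading it from a root-only file)
#    over writing the real bind password into this script, which tends to get
#    copied, pasted and committed.
#  - The bind account only has to read sAMAccountName and objectGUID, so a
#    read-only, non-privileged directory account is sufficient.
#  - LDAP_SERVER points at port 389 and the search below uses a simple bind
#    (-x), so the password crosses the network unencrypted unless the
#    connection is protected (LDAPS or StartTLS).
SVC_ACCOUNT_NAME="${SVC_ACCOUNT_NAME:-Username}"
SVC_ACCOUNT_PASS="${SVC_ACCOUNT_PASS:-Password}"
DOMAIN="${DOMAIN:-my.domain}"
LDAP_SERVER="${LDAP_SERVER:-dc.my.domain:389}"
SEARCH_BASE="${SEARCH_BASE:-OU=Users,DC=My,DC=Domain}"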
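DECODE_BASE64(){
  # Decode the base64 objectGUID value printed by ldapsearch and rebuild the
  # GUID in its textual form (XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX).
  #
  # Arguments: $1 - base64 text of the 16-byte objectGUID
  # Globals:   OBJECT_ID (written), G (written, one hex byte per element),
  #            OBJECTGUID (written; left empty when decoding fails)
  # Returns:   0 on success, 1 when the input is not exactly 16 bytes
  #
  # The decoded bytes are streamed straight into the hex dump and are never
  # kept in a shell variable: a variable drops NUL bytes and an unquoted
  # expansion splits on whitespace bytes, either of which corrupts the GUID
  # and would yield a UID that belongs to nobody - or to somebody else.
  OBJECT_ID="$1"
  OBJECTGUID=""
  # base64's own complaint is silenced on purpose; a bad value is reported
  # by the length check below. --decode is the spelling accepted by both the
  # macOS and the GNU tool.
  G=($(printf '%s' "$OBJECT_ID" | tr -d '[:space:]' | base64 --decode 2>/dev/null \
    | od -An -v -tx1 | tr 'a-f' 'A-F'))
  if [ "${#G[@]}" -ne 16 ]; then
    echo "DECODE_BASE64: objectGUID did not decode to 16 bytes" >&2
    return 1
  fi
  # The first three groups are stored little-endian, so their bytes are
  # emitted in reverse order; the last two groups are kept as stored.
  OBJECTGUID="${G[3]}${G[2]}${G[1]}${G[0]}-${G[5]}${G[4]}-${G[7]}${G[6]}-${G[8]}${G[9]}-${G[10]}${G[11]}${G[12]}${G[13]}${G[14]}${G[15]}"
}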
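# Search LDAP for our user accounts
#
# The bind password is handed to ldapsearch through a private temporary file
# (-y) rather than on the command line (-w), where any local user could read
# it from the process listing for as long as the search runs.
#
# NOTE(security): this is still a simple bind (-x) against ldap://, so the
# password and the results travel in clear text unless the connection is
# protected. Where the domain controller supports it, use an ldaps:// URI or
# add -ZZ to require StartTLS.
BIND_PW_FILE=$(mktemp "${TMPDIR:-/tmp}/ldapbind.XXXXXX") || {
  echo "Unable to create a temporary file for the bind password" >&2
  exit 1
}
# Make sure the password file is removed even if the script is interrupted.
trap 'rm -f -- "$BIND_PW_FILE"' EXIT
# printf is a shell builtin, so the password never appears in an argv; no
# trailing newline is written because -y uses the whole file as the password.
printf '%s' "$SVC_ACCOUNT_PASS" > "$BIND_PW_FILE"
RESULT=$(ldapsearch -LLL -H "ldap://${LDAP_SERVER}" -E pr=1000/noprompt -o ldif-wrap=no -x \
  -D "${SVC_ACCOUNT_NAME}@${DOMAIN}" -y "$BIND_PW_FILE" -b "${SEARCH_BASE}" \
  -s sub -a always "(objectClass=user)" "sAMAccountName" "objectGUID")
LDAPSEARCH_STATUS=$?
rm -f -- "$BIND_PW_FILE"
trap - EXIT
if [ "$LDAPSEARCH_STATUS" -ne 0 ]; then
  # Keep going with whatever was returned, but say so: a silent failure here
  # would otherwise look like a directory without users.
  echo "ldapsearch exited with status ${LDAPSEARCH_STATUS}; results may be missing or incomplete" >&2
fi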
# Split the LDIF text in RESULT into one array element per entry.
# Entries are separated by blank lines; i is the index of the entry being
# collected and s is 1 while the next non-blank line starts a new entry.
i=1
s=1
declare -a RESULT_ARRAY
while IFS= read -r line; do
  if [[ -z $line ]]; then
    # Blank line: the current entry is complete, move on to the next slot
    ((i++))
    s=1
    continue
  fi
  if [[ $s == 0 ]]; then
    # Continuation of the current entry: append the line after a newline
    RESULT_ARRAY[$i]="${RESULT_ARRAY[$i]}"$'\n'"$line"
  else
    # First line of a new entry: start the slot and clear the flag
    RESULT_ARRAY[$i]="$line"
    s=0
  fi
done <<< "$RESULT"
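# Turn every LDIF entry into a "<dn>,<uid>" line on stdout and in
# users_with_UID.csv.
#
# The UID is the first 32 bits of the GUID with the top bit cleared, i.e. a
# value between 0 and 2147483647. Things to keep in mind when consuming it:
#  - Only 31 of the GUID's 128 bits survive, so two different accounts can
#    end up with the same UID; check the output for duplicates before using
#    it for file ownership or access decisions.
#  - Nothing prevents a small value that coincides with a local or system
#    account on the Mac; review such rows instead of applying them blindly.
#  - The first column is the DN, which itself contains commas; the UID is
#    always the last comma-separated field.
#  - The CSV is appended to, so rows from earlier runs stay in the file.
GUID_32_PATTERN='^[0-9A-F]{8}$'
# The loop variable is deliberately not called USER, which would overwrite
# the login name exported to every command started from the loop.
for ENTRY in "${RESULT_ARRAY[@]}"; do
  # Anchor both matches so that a value which merely contains "dn:" or
  # "objectGUID" cannot be picked up by mistake.
  USER_DN=$(printf '%s\n' "$ENTRY" | grep "^dn:")
  USER_GUID_BASE64=$(printf '%s\n' "$ENTRY" | awk -F "::" '/^objectGUID::/ {print $2}')
  if [ -z "$USER_DN" ] || [ -z "$USER_GUID_BASE64" ]; then
    echo "Skipping an LDIF block without a dn/objectGUID pair" >&2
    continue
  fi
  # Get our GeneratedUID from LDAPSEARCH by decoding and hex dumping it
  DECODE_BASE64 "$USER_GUID_BASE64"
  # Now lets get the first 32 bits of our GUID
  GUID_32=${OBJECTGUID%%-*}
  if ! [[ $GUID_32 =~ $GUID_32_PATTERN ]]; then
    # Never derive a UID from something that is not eight hex digits
    echo "Skipping${USER_DN#dn:}: objectGUID did not decode to a GUID" >&2
    continue
  fi
  # Values above 2147483647 have the top bit set; clearing that bit is the
  # same as replacing the first hex digit 8-F with 0-7.
  GUID_32_DEC=$(( 16#$GUID_32 & 0x7FFFFFFF ))
  # Echo our output
  # NOTE: a DN with non-ASCII characters is printed by ldapsearch as
  # "dn:: <base64>" and is passed through here undecoded.
  USERNAME=${USER_DN#dn:}
  printf '%s\n' "$USERNAME,$GUID_32_DEC"
  printf '%s\n' "$USERNAME,$GUID_32_DEC" >> users_with_UID.csv
done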