Password expiration script

Support forums for the Habitat Automate plugin
Post Reply
JvdMaat
Posts: 27
Joined: Wed Feb 21, 2018 1:31 am

Password expiration script

Post by JvdMaat »

Hey, did some debugging on this, as I could not get it to work. Finally figured out that CN=Users only works for the built in Users OU. When customers have custom OUs, it's OU=Users,OU=CustomerFolder, etc. (Learning LDAP and AD on the fly)
Now that I have that part figured out, I have this running for a few more customers that have their users (thankfully) in a single OU.

However we have one large multi-site customer that has an OU structure per state. (We inherited that setup unfortunately)
And The Habitat AD Passwords Expired inventory seems to be looking only at a single OU.

Is there any option to look at multiple OUs? (Or just any user account on the domain in general, rather than being specific to a single OU?)

I just tested this with the Get-ADUser command, and just running it with -filter * shows me all accounts (ie, omitting -SearchBase)
Can we make that LDAP directory root field in Habitat optional? If we leave it blank, don't use SearchBase, and if it's entered, limit it to SearchBase?
That would solve a lot of my issues.

User avatar
Cubert
Posts: 1483
Joined: Tue Dec 29, 2015 7:57 pm
Contact:

Re: Password expiration script

Post by Cubert »

That seems like a reasonable request.

I am modifying in build .43 the script function to accept a blank LDAP and upon a blank LDAP root the script will choose to include -SearchBase "LDAPRoot" only if LDAP contains something.

I am also updating the configure section of plugin to allow a blank LDAP and adding in a label to describe the feature in config.

That should do what your asking.

When you see .43 released can you test and get back with me if that resolved your issues. Testing here looks good but we have only a select few domain controllers upon to test with.

JvdMaat
Posts: 27
Joined: Wed Feb 21, 2018 1:31 am

Re: Password expiration script

Post by JvdMaat »

Sorry, it's been a bit busy the past week.

I just updated it and cleared the LDAP directory root, and it grabbed all domain accounts as expected. Works like a charm.

Thanks!

User avatar
Cubert
Posts: 1483
Joined: Tue Dec 29, 2015 7:57 pm
Contact:

Re: Password expiration script

Post by Cubert »

Awesome!

Post Reply