In this blog post, I will discuss on some of the common but very useful commands to manage the users in AD.
Case1: To check in which all group a user belongs to:
Command: id <username>
For example:
[root@manoj ~]$ id hdpadmin
uid=731803102(hdpadmin) gid=731800513(domain_users) groups=731800513(domain_users),731801610(hadoopadmin)
I've seen that in many Hadoop projects there is a separate AD team for managing Active Directory servers. Many a time a Hadoop admin want to see whether the user has been added in AD or whether a user has been added to a group or whether the password of the user expired etc: The following commands helps in these situations.
Case1: To check in which all group a user belongs to:
Command: id <username>
For example:
[root@manoj ~]$ id hdpadmin
uid=731803102(hdpadmin) gid=731800513(domain_users) groups=731800513(domain_users),731801610(hadoopadmin)
The example states that hdpadmin is a part of "hadoopadmin" group and "domain_users" group.
Case2: Which all users belong to a particular group:
Command: getent group <groupname>
For example:
[root@manoj1 ~]$ getent group hadoopadmin
hadoopadmin:*:731801610:hdpadmin,ambari,
The output shows that in "hadoopadmin" group "hdpadmin" and "ambari" users are present.
Case2: To check whether the password is working for a user:
Command: ldapsearch -D <username@domainname> -W
For example:
[root@manoj1 ~]$: ldapsearch -D hdpadmin@006eq.clienthub.com -W
Then give the password of hdpadmin user. If you get the output as password accepted then you are fine.
For example:
[root@manoj1 ~]$ getent group hadoopadmin
hadoopadmin:*:731801610:hdpadmin,ambari,
The output shows that in "hadoopadmin" group "hdpadmin" and "ambari" users are present.
Case2: To check whether the password is working for a user:
Command: ldapsearch -D <username@domainname> -W
For example:
[root@manoj1 ~]$: ldapsearch -D hdpadmin@006eq.clienthub.com -W
Then give the password of hdpadmin user. If you get the output as password accepted then you are fine.
No comments:
Post a Comment
Note: only a member of this blog may post a comment.