Wednesday, November 23, 2016

A simple means of using F5 adtest for diagnostics and queries against Microsoft AD

In my day job, our IT team struggles to collect diagnostics when using an F5 APM for VPN and web portal access.

Tools exist to query Active Directory directly, but you can use the F5 CLI adtest tool to query Active Directory.



What this does is allow directed requests to your AD servers to gather details from AD. This ensures that AD is working and that the F5 has access with the proper credentials for AD queries.

I put together a simple script that queries AD and gathers information on our Entrust ID attributes and memberOf group memberships. You can adjust the script and grep on items relevant to your case.


( content of my check-ad-bash-script )

#!/bin/bash
#
# script for checking the AD details for a user ( group )

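# F5 AD query account and its password
# (this file holds a credential: keep it readable by its owner only)
A=thef5adqueryaccountname
W="thef5querypassword"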
#
#


echo "Hello, this script will output Entrust and group memberOf details for the named user account"

echo -n "Enter the USERNAME and press [ENTER]: "
read -r name
echo


echo ""

# craft the menu of the company AD servers  ( add lines for the  number of ad-servers )
#
read -r -n 1 -p "What AD server would you like to query ? (A/B/C/D) " resp

case $resp in

# set  the business AD servers
    A)
        n=1.1.1.1;;
    B)
        n=1.1.1.2;;
    C)
        n=1.1.1.3;;
    D)
        n=1.1.1.4;;
    *)
        exit;;


esac


echo ""
echo ""


# set the variable and find the hostname of the AD server (reverse lookup)
#
D=$(host "$n" | awk '{ print $5 }')

echo " *** Querying the Entrust Details from  AD server  $n $D  &  against  user $name  *** "


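# query AD for the user and keep only the Entrust attribute lines
# (variables are quoted so spaces or special characters cannot split the arguments)
adtest -t query -h "$n" -r yourdomain.com -A "$A" -u "$name" -g -FG -W "$W" -d 10 | grep trust

sleep 2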

echo ""
echo " *** Querying the user $name and the    memberOf group details  ***"
echo ""

adtest -t query -h "$n" -r yourdomain.com -A "$A" -u "$name" -g -FG -W "$W" -d 10 | grep memberO

echo ""
echo "Finish!"




Ken
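
A variant of the check above, as an added example that is not the author's script: it validates the username before it reaches adtest, prompts for the query account's password instead of storing it in the file, and runs the same adtest query against every listed server. The server list, realm and account name reuse the post's placeholders; the username allowlist and the function names are assumptions.

```shell
#!/bin/bash
# Added example, not the original check-ad script.
# Placeholders below reuse the post's sample values; adjust for your site.
SERVERS="1.1.1.1 1.1.1.2 1.1.1.3 1.1.1.4"
REALM="yourdomain.com"
QUERY_ACCOUNT="thef5adqueryaccountname"

# Conservative allowlist (an assumption, not an AD rule): refuse empty names,
# names starting with "-" (would be parsed as an adtest option), and anything
# outside letters, digits, dot, underscore and hyphen.
valid_username() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# One adtest call with the post's flags; keep Entrust and memberOf lines.
# Exit status is grep's: non-zero when no matching line came back.
query_server() {    # $1=server  $2=username  $3=query-account password
    adtest -t query -h "$1" -r "$REALM" -A "$QUERY_ACCOUNT" \
        -u "$2" -g -FG -W "$3" -d 10 | grep -E 'trust|memberOf'
}

# Walk every server; return how many gave back no matching lines.
check_all() {       # $1=username  $2=password
    failed=0
    for s in $SERVERS; do
        echo "*** AD server $s, user $1 ***"
        if ! query_server "$s" "$1" "$2"; then
            echo "    no Entrust or memberOf lines from $s"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

main() {            # $1=username to look up
    valid_username "$1" || { echo "rejected username" >&2; return 64; }
    printf 'Password for %s: ' "$QUERY_ACCOUNT" >&2
    stty -echo; read -r pw; stty echo; echo >&2   # prompt instead of storing it
    check_all "$1" "$pw"
}

if [ $# -eq 1 ]; then main "$1"; fi
```

Run it with the username as the only argument. The password is still handed to adtest through -W, as in the original script.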
