In my day job our IT team struggles to collect diagnostics when using an F5-APM for VPN and web portal access.
Tools exist to query Active Directory directly, but you can also use the F5 CLI adtest tool to query Active Directory.
What this does is allow directed requests to your AD servers to gather details from AD. This ensures that AD is working and that the F5 has access with the proper credentials for AD queries.
I placed a simple script that allows querying AD and gathering information about our Entrust ID attributes and memberOf group memberships. You can adjust the script and grep on items relevant to your case.
( content of my check-ad-bash-script )
#!/bin/bash
#
# script for checking the AD details for a user ( group )
# the query account password sits in clear text below, so keep this file
# readable only by the account that runs it (chmod 600)
A=thef5adqueryaccountname
W="thef5querypassword"
#
echo "Hello, This script will output Entrust and Group MemberOf details for the named user account"
echo -n "Enter the USERNAME press [ENTER]: "
read -r name
echo
echo ""
# craft the menu of the company AD servers ( add lines for the number of ad-servers )
#
read -n 1 -p "What AD server would you like to query ? (A/B/C/D) " resp
echo ""
case $resp in
# set the business AD servers
  A)
    n=1.1.1.1;;
  B)
    n=1.1.1.2;;
  C)
    n=1.1.1.3;;
  D)
    n=1.1.1.4;;
  *)
    echo "Unknown AD server, exiting."
    exit 1;;
esac
echo ""
# set the variable and find the hostname of the AD server
# ( host prints "... domain name pointer <hostname>." so the hostname is the fifth field )
#
D=$(host "$n" | awk '{ print $5 }')
echo " *** Querying the Entrust Details from AD server $n $D & against user $name *** "
#
# -A/-W are the F5 query account, -u is the user being looked up, -d 10 gives full debug output
adtest -t query -h "$n" -r yourdomain.com -A "$A" -u "$name" -g -FG -W "$W" -d 10 | grep trust
sleep 2
echo ""
echo " *** Querying the user $name and the memberOf group details ***"
echo ""
adtest -t query -h "$n" -r yourdomain.com -A "$A" -u "$name" -g -FG -W "$W" -d 10 | grep memberOf
echo ""
echo "Finish!"
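As an added example that is not part of Ken's post, here is a hardened front end for the same adtest query: it validates the menu choice and the account name before they reach the command line, and reads the query credential from a permission-checked file instead of the script body. The credential file path and format, the account-name rule and the ADTEST_BIN override are assumptions of this example, not F5 settings.

```shell
#!/bin/bash
# Added example, not part of the original post. Assumptions: credential file
# location and format (line 1 = query account, line 2 = its password), the
# account-name policy, and the ADTEST_BIN override are this example's choices.
AD_REALM="yourdomain.com"
CRED_FILE="${CRED_FILE:-/var/tmp/adtest.cred}"   # assumed path, expected mode 0600

# Only allow a sAMAccountName-style value to reach the adtest command line:
# letters, digits, dot, hyphen, underscore, 1-64 characters. Returns 0 if OK.
validate_account_name() {
    case "$1" in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Map a menu letter to the address of one of the business AD servers;
# anything else is rejected with a non-zero status instead of a silent exit.
resolve_server() {
    case "$1" in
        A|a) echo "1.1.1.1" ;;
        B|b) echo "1.1.1.2" ;;
        C|c) echo "1.1.1.3" ;;
        D|d) echo "1.1.1.4" ;;
        *) return 1 ;;
    esac
}

# Refuse the credential file unless group/other have no access (e.g. 600, 400).
credential_file_ok() {
    local mode
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "${mode#?}" = "00" ]
}

# query_user <server letter> <account name> <grep pattern>
# Runs the same adtest query as the post, with validated inputs and the
# password read from the credential file rather than the script body.
query_user() {
    local server qa qw
    server=$(resolve_server "$1") || { echo "unknown AD server: $1" >&2; return 2; }
    validate_account_name "$2"   || { echo "invalid account name" >&2; return 2; }
    credential_file_ok "$CRED_FILE" || { echo "credential file missing or too open" >&2; return 2; }
    { read -r qa; read -r qw; } < "$CRED_FILE"
    "${ADTEST_BIN:-adtest}" -t query -h "$server" -r "$AD_REALM" -A "$qa" -u "$2" \
        -g -FG -W "$qw" -d 10 | grep -e "$3"
}
```

Call it as `query_user A jdoe trust` or `query_user A jdoe memberOf` to reproduce the two greps of the original script.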
Ken