When using the "Find Unix Objects" in Active Directory Users & Computers false positives are returned.
The "Find Unix Objects" uses a ldap search of
(&(objectCategory=Computer)(!(operatingSystem=Windows*))
This can cause false positives in certain environments. For example, this LDAP search will also show the following machines joined to AD:-
Computer objects manually pre-created in ADUC that have yet to be joined
EMC Ontap
Non-Quest Samba Hosts
NetApp Filers
If the results from "Find Unix Objects" have too many false positives in your environment you can use a LDAP custom search.
From ADUC, right click on your domain and select Find. Select "Custom Search", and click on the Advanced tab.
In the custom search enter :
(&(objectCategory=computer)(|(operatingsystem=darwin)(operatingsystem=hp-ux)(operatingsystem=sunos)(operatingsystem=linux)(operatingsystem=osf1)(operatingsystem=aix)))
If, you are only using VAS 3.3+ instead use :
(&(objectCategory=computer) (operatingsystemversion=*VAS*))
These searches can also be done from a QAS client e.g. :-
# /opt/quest/bin/vastool -u host/ search "(&(objectCategory=computer)(|(operatingsystem=darwin)(operatingsystem=hp-ux)(operatingsystem=sunos)(operatingsystem=linux)(operatingsystem=osf1)(operatingsystem=aix)))" name
The below command would tell you how QAS many machines are joined into AD
# /opt/quest/bin/vastool -u host/ search "(&(objectCategory=computer)(|(operatingsystem=darwin)(operatingsystem=hp-ux)(operatingsystem=sunos)(operatingsystem=linux)(operatingsystem=osf1)(operatingsystem=aix)))" operatingsystem | grep operatingsystem | wc -l
NOTE: This output will only correct if the user account used to joined the QAS machine to Active Directory, had permission to update the operatingsystem / operatingsystemversion attribute.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center