To perform a cross-domain search
vastool -u admin -w password search -b "dc=example2,dc=com" "(objectCategory=person)" sAMAccountName > results_file
This command searches across domains for all person objects in the example2.com domain and writes each object's sAMAccountName to a new file called results_file.
For more information about vastool search options, refer to the OAT man page.
The OAT matching scripts allow for flexible resolution of user name rules. These scripts match local Unix accounts to Active Directory accounts. You can customize or replace these scripts to work as needed in your environment.
The basic match scripts match users and groups by comparing naming attributes.
The mapped user script matches users based on an existing mapped user file.
The override scripts match users and groups using an existing Authentication Services override file.
To revert files to their original User ID and Group ID, use the rollback option.
To change the ownership of a directory and remove the users from the system with oat_changeowner, enter:
oat_changeowner process -b backup_dir -d /home/user -u user_match_file -m
To undo the changes made by the oat_changeowner command, enter:
oat_changeowner rollback -b backup_dir
One Identity provides an interactive script, called oat, that walks you through the process of changing file ownerships to match Active Directory. This script calls oat_adlookup, oat_match, and oat_changeowner with appropriate arguments based on the responses that you provide.
Note: You must have Authentication Services installed and your system joined to an Active Directory domain to run the interactive script.
To change file ownership
The interactive script requests information about:
Note: No changes are made to your system until you have reviewed and approved the list of files and directories.
Typically you would specify "/" for the root directory.
Note: If you choose "/", it changes the file ownership for every file in your file system. One Identity recommends that you run OAT against a test directory first to confirm your understanding of what OAT does.
The oat_changeowner script creates a list of files that will be modified.
oat saves rollback information in a directory called oatwork<date> (where <date> is today's date). For example, in /var/opt/quest/oat/oatwork20100513/ you would see a list of files similar to this:
ad_groups ad_users filelist group_mapping log
The log file is especially useful because it lists all the commands or scripts that were run, the options that were passed to them, and any error messages that were produced.
For more information, refer to the OAT man page. (See Using Authentication Services manual pages (man pages) for information about accessing the OAT man page.)