The following report provides product licensing information.
Report | Description |
---|---|
Product License Usage | Provides a summary of all licensing information. This report includes the following information for hosts managed by the console: |
Authentication Services includes PowerShell modules that provide a "scriptable" interface to many Authentication Services management tasks. You can access a customized PowerShell console from the Control Center Tools navigation link.
You can perform the following tasks using PowerShell cmdlets:
Using the Authentication Services PowerShell modules, it is possible to script the import of Unix account information into Active Directory.
The following procedure explains how to Unix-enable a user and user group using the Authentication Services PowerShell Console.
To Unix-enable a user and user group
Note: The first time you launch the PowerShell Console, it asks you if you want to run software from this untrusted publisher. Enter A at the PowerShell prompt to import the digital certificate to your system as a trusted entity. Once you have done this, you will never be asked this question again on this machine.
Enable-QasUnixGroup UNIXusers | Set-QasUnixGroup -GidNumber 1234567
Note: You created the UNIXusers group in a previous exercise. See Adding an Active Directory group account.
Unix attributes are generated automatically based on the Default Unix Attributes settings that were configured earlier and look similar to the following:
```
ObjectClass       : group
DistinguishedName : CN=UNIXusers,CN=Users,DC=example,DC=com
ObjectGuid        : 71aaa88-d164-43e4-a72a-459365e84a25
GroupName         : UNIXusers
UnixEnabled       : True
GidNumber         : 1234567
AdsPath           : LDAP://windows.example.com/CN=UNIXusers,CN=Users,
                    DC=example,DC=com
CommonName        : UNIXusers
```
Enable-QasUnixUser ADuser | Set-QasUnixUser -PrimaryGidNumber 1234567
The Unix properties of the user display:
```
ObjectClass       : user
DistinguishedName : CN=ADuser,CN=Users,DC=example,DC=com
ObjectGuid        : 5f83687c-e29d-448f-9795-54d272cf9f25
UserName          : ADuser
UnixEnabled       : True
UidNumber         : 80791532
PrimaryGidNumber  : 1234567
Gecos             :
HomeDirectory     : /home/ADuser
LoginShell        : /bin/sh
AdsPath           : LDAP://windows.example.com/CN=ADuser,CN=Users,
                    DC=example,DC=com
CommonName        : ADuser
```
Disable-QasUnixUser ADuser
Note: To clear all Unix attribute information, enter:
Clear-QasUnixUser ADuser
Now that you have Unix-disabled the user, that user can no longer log in to systems running the Authentication Services agent.
Click Login to log in to the Unix host with your Active Directory user account.
A PuTTY window displays.
Note: PuTTY attempts to log in using Kerberos, but will fail over to password authentication if Kerberos is not enabled or properly configured for the remote SSH service.
You will receive a message that says Access denied.
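When Unix attributes are set from a script, as with the -GidNumber and -PrimaryGidNumber overrides in this procedure, it is worth checking the result for colliding or dangling IDs. The following PowerShell is an added example, not part of the product or its documentation; Find-UnixIdentityIssue is a hypothetical helper, the sample objects are constructed, and only the property names come from the cmdlet output shown above.

```powershell
# Added example: flags UID/GID conflicts among Unix-enabled identities.
# Only properties visible in the cmdlet output on this page are used.
function Find-UnixIdentityIssue {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [Parameter(Mandatory)] [object[]] $Group
    )
    $enabledUsers  = @($User  | Where-Object { $_.UnixEnabled })
    $enabledGroups = @($Group | Where-Object { $_.UnixEnabled })
    $knownGids     = @($enabledGroups | ForEach-Object { $_.GidNumber })

    # Accounts sharing a UID are the same owner as far as Unix file permissions go.
    $enabledUsers | Group-Object UidNumber | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{ Issue = 'DuplicateUid'; Id = $_.Name
                           Account = ($_.Group.UserName -join ',') }
    }
    # Groups sharing a GID inherit each other's group access.
    $enabledGroups | Group-Object GidNumber | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{ Issue = 'DuplicateGid'; Id = $_.Name
                           Account = ($_.Group.GroupName -join ',') }
    }
    # A primary GID that resolves to no Unix-enabled group.
    foreach ($u in $enabledUsers) {
        if ($knownGids -notcontains $u.PrimaryGidNumber) {
            [pscustomobject]@{ Issue = 'UnknownPrimaryGid'; Id = "$($u.PrimaryGidNumber)"
                               Account = $u.UserName }
        }
    }
}

# Constructed sample data (not real accounts); 'leaver' is Unix-disabled and is ignored.
$users = @(
    [pscustomobject]@{ UserName='ADuser';  UnixEnabled=$true;  UidNumber=80791532; PrimaryGidNumber=1234567 }
    [pscustomobject]@{ UserName='svc-app'; UnixEnabled=$true;  UidNumber=80791532; PrimaryGidNumber=1234567 }
    [pscustomobject]@{ UserName='temp01';  UnixEnabled=$true;  UidNumber=80791540; PrimaryGidNumber=7654321 }
    [pscustomobject]@{ UserName='leaver';  UnixEnabled=$false; UidNumber=80791532; PrimaryGidNumber=1234567 }
)
$groups = @(
    [pscustomobject]@{ GroupName='UNIXusers'; UnixEnabled=$true; GidNumber=1234567 }
)
Find-UnixIdentityIssue -User $users -Group $groups | Format-Table -AutoSize

# Live data (assumption: Get-QasUnixUser / Get-QasUnixGroup accept the account name
# positionally, as Enable-QasUnixUser does on this page):
#   $users = 'ADuser','svc-app' | ForEach-Object { Get-QasUnixUser $_ }
```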
Authentication Services supports the flexible scripting capabilities of PowerShell to automate administrative, installation, and configuration tasks. A wide range of new PowerShell cmdlets are included in Authentication Services.
Cmdlet name | Description |
---|---|
Add-QasLicense | Installs an Authentication Services license file in Active Directory. Licenses installed this way are downloaded by all Unix clients. |
Clear-QasUnixGroup | Clears the Unix identity information from a group object in Active Directory. The group is no longer Unix-enabled and will be removed from the cache on the Authentication Services Unix clients. |
Clear-QasUnixUser | Clears the Unix identity information from a user object in Active Directory. The user is no longer Unix-enabled and will be removed from the cache on the Authentication Services Unix clients. |
Disable-QasUnixGroup | Unix-disables a group; the group will be removed from the cache on the Authentication Services Unix clients. Similar to Clear-QasUnixGroup except the Unix group name is retained. |
Disable-QasUnixUser | Removes an Active Directory user's ability to log in on Unix hosts. (The user will still be cached on the Authentication Services Unix clients.) |
Enable-QasUnixGroup | Enables an Active Directory group for Unix by giving a Unix GID number. The GID number is automatically generated. |
Enable-QasUnixUser | Enables an Active Directory user for Unix. The required account attributes UID number, primary GID number, GECOS, login shell, and home directory are generated automatically. |
Get-QasConfiguration | Returns an object representing the Authentication Services application configuration data stored in Active Directory. |
Get-QasGpo | Returns a set of objects representing GPOs with Unix and/or macOS settings configured. This cmdlet is in the Quest.AuthenticationServices.GroupPolicy module. |
Get-QasLicense | Returns objects representing the Authentication Services product licenses stored in Active Directory. |
Get-QasOption | Returns a set of configurable global options stored in Active Directory that affect the behavior of Authentication Services. |
Get-QasSchema | Returns the currently configured schema definition from the Authentication Services application configuration. |
Get-QasSchemaDefinition | Returns a set of schema templates that are supported by the current Active Directory forest. |
Get-QasUnixGroup | Returns an object that represents an Active Directory group as a Unix group. The returned object can be piped into other cmdlets such as Clear-QasUnixGroup or Enable-QasUnixGroup. |
Get-QasUnixUser | Returns an object that represents an Active Directory user as a Unix user. The returned object can be piped into other cmdlets such as Clear-QasUnixUser or Enable-QasUnixUser. |
Get-QasVersion | Returns the version of Authentication Services currently installed on the local host. |
Move-QasConfiguration | Moves the Authentication Services application configuration information from one container to another in Active Directory. |
New-QasAdConnection | Creates an object that represents a connection to Active Directory using specified credentials. You can pass a connection object to most Authentication Services cmdlets to execute commands using different credentials. |
New-QasArsConnection | Creates an object that represents a connection to an Active Roles Server using the specified credentials. You can pass a connection object to most Authentication Services cmdlets to execute commands using different credentials. |
New-QasConfiguration | Creates a default Authentication Services application configuration in Active Directory and returns an object representing the newly created configuration. |
Remove-QasConfiguration | Accepts an Authentication Services application configuration object as input and removes it from Active Directory. This cmdlet produces no output. |
Remove-QasLicense | Accepts an Authentication Services product license object as input and removes the license from Active Directory. This cmdlet produces no output. |
Set-QasOption | Accepts an Authentication Services options set as input and saves it to Active Directory. |
Set-QasSchema | Accepts an Authentication Services schema template as input and saves it to Active Directory as the schema template that will be used by all Authentication Services Unix clients. |
Set-QasUnixGroup | Accepts a Unix group object as input and saves it to Active Directory. You can also set specific attributes using command line options. |
Set-QasUnixUser | Accepts a Unix user object as input and saves it to Active Directory. You can also set specific attributes using command line options. |
Authentication Services PowerShell cmdlets are contained in PowerShell modules named Quest.AuthenticationServices and Quest.AuthenticationServices.GroupPolicy. Use the Import-Module command to import the Authentication Services commands into an existing PowerShell session.