Linux/Unix Static file import to build systems lists.


You may not have considered using an AD query of any kind as typically the Linux machines are not part of AD. However, the Linux machines do register in DNS and, to your benefit, the DNS zones are Active Directory Integrated Zones.

Technically, that means the systems are in AD's data store. To get the list of systems, however, you need to query AD as if it were a database and look at the partitions that store the DNS information, using some basic LDAP syntax (as opposed to T-SQL syntax).

Setup:

The query process is performed for Windows and again, separately, for Linux.

1. Create a management set

2. Go to Set Properties

3. Set up the management set to get "Targets from query to a data source"

4. Click Next

5. Click Configure

6. Click the ellipsis on the Edit Data Source Configuration dialog

7. Select OLE DB Provider for Microsoft Directory Services and click Next.


8. For the data source, put in the DNS name of the domain or FQDN of a specific DC

(screenshot is just the DNS name of the domain)

9. Leave the location blank

10. Select to use Windows NT Integrated Security (otherwise you must be willing to manually manage the credentials for this LDAP connection).


11. Click OK

12. Define your query and put it in the Query to Data field, then click Test. The query must return only the names of the machines and nothing else, or it will produce an error. Examples are detailed below.


13. Click OK.

14. Update your management set! Voilà!

The query is as follows:

SELECT dc FROM 'LDAP://DNS_ZONE_NAME,CN=MicrosoftDNS,DC=domaindnszones,DISTINGUISHED_DOMAIN_NAME_DN'

WHERE dc = 'NAMING_FILTER'

This example domain is called lsds.int. The test DNS zones are ADI zones set to replicate with all DNS servers in this domain. If yours are set to replicate with all DCs in the forest, you would change "DC=domaindnszones" to "DC=forestdnszones". The example DNS zone is also called "lsds.int".

To find all systems whose names start with db (as in db*), the query is:

SELECT dc FROM 'LDAP://DC=lsds.int,CN=MicrosoftDNS,dc=domaindnszones,dc=lsds,dc=int'

WHERE dc = 'db*'

Since you are querying LDAP, the LDAP naming conventions will apply to filters, hence everything is = or != and there is no such thing as a LIKE clause. Partial matches are done with = and wildcards in the filter.
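
To check a query before pasting it into the Query to Data field, it can be run through the same OLE DB provider from PowerShell. This is an added example, not part of the original article or the product; it assumes the article's lsds.int zone and domain, a domain-joined Windows host, and an account that can read the DNS partition.

```powershell
# Added example (not from the article): test the ADSI SQL query outside the product.
# Assumed defaults: the article's lsds.int zone/domain and the db* filter.
param(
    [string]$Zone       = 'lsds.int',
    [string]$DomainDN   = 'dc=lsds,dc=int',
    [string]$NameFilter = 'db*',
    [ValidateSet('domaindnszones', 'forestdnszones')]
    [string]$Partition  = 'domaindnszones'   # forestdnszones for forest-wide replication
)

# The filter is spliced into a quoted string, so accept only
# host-name characters and the * wildcard (no quotes or spaces).
if ($NameFilter -notmatch '^[A-Za-z0-9*_.-]+$') {
    throw "Unexpected characters in filter: $NameFilter"
}

$query = "SELECT dc FROM 'LDAP://DC=$Zone,CN=MicrosoftDNS,dc=$Partition,$DomainDN' " +
         "WHERE dc = '$NameFilter'"

$conn = New-Object -ComObject ADODB.Connection
$conn.Open('Provider=ADsDSOObject;')   # integrated security: binds as the current user
$cmd = New-Object -ComObject ADODB.Command
$cmd.ActiveConnection = $conn
$cmd.CommandText = $query

try {
    $rs = $cmd.Execute()
    # The data source must hand back machine names only, i.e. exactly one column.
    if ($rs.Fields.Count -ne 1) {
        throw "Expected one column, got $($rs.Fields.Count)"
    }
    $names = while (-not $rs.EOF) {
        $rs.Fields.Item('dc').Value
        $rs.MoveNext()
    }
    $names | Sort-Object -Unique
}
finally {
    $conn.Close()
}
```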


Comments

  • Kevin Shannon

    Great article!
