There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

cheet ,

sorry I don’t have any real documentation but I have a snippet of powershell that explains it pretty well here this comes from a user creation script I wrote back when they removed the unix UI.

I was using Get-AdUser and discovered that the properties still existed but you have to manually shove those in, when an sssd “domain bound” linux machine has a user with these props login, they get the defined UID and GID and homefolder etc.


<span style="color:#323232;">$otherAttributes = @{}
</span><span style="color:#323232;">Write-Host -ForegroundColor Yellow "Adding Linux Attributes"
</span><span style="color:#323232;">
</span><span style="color:#323232;"># get the next numeric uid number from AD
</span><span style="color:#323232;">$uidNumber=((get-aduser -Filter * -Properties * | where-object {$_.uidNumber} | select uidNumber | sort uidNumber | select -Last 1).uidNumber)+1
</span><span style="color:#323232;">
</span><span style="color:#323232;">$otherAttributes.Add("unixHomeDirectory","/homefolder/path/$($samAccountName)")
</span><span style="color:#323232;">$otherAttributes.Add("uid","$($samAccountName)")
</span><span style="color:#323232;">$otherAttributes.Add("gidNumber","$($gidNumber)")
</span><span style="color:#323232;">$otherAttributes.Add("uidNumber","$($uidNumber)")
</span><span style="color:#323232;">$otherAttributes.Add("loginShell","$($loginShell)")
</span><span style="color:#323232;">
</span><span style="color:#323232;">$UserArgs = @{
</span><span style="color:#323232;">    Credential = $creds
</span><span style="color:#323232;">    Enabled = $true
</span><span style="color:#323232;">    ChangePasswordAtLogon = $true
</span><span style="color:#323232;">    Path = $usersOU
</span><span style="color:#323232;">    HomeDirectory = "$homeDirPath$samAccountName"
</span><span style="color:#323232;">    HomeDrive = $homeDriveLetter
</span><span style="color:#323232;">    GivenName = $firstName
</span><span style="color:#323232;">    Surname = $lastName
</span><span style="color:#323232;">    DisplayName = $displayName
</span><span style="color:#323232;">    SamAccountName = $samAccountName
</span><span style="color:#323232;">    Name = $displayName
</span><span style="color:#323232;">    AccountPassword = $securePW
</span><span style="color:#323232;">    UserPrincipalName = "$($aliasName)@DOMAIN.COM"
</span><span style="color:#323232;">    OtherAttributes = $otherAttributes
</span><span style="color:#323232;">}
</span><span style="color:#323232;">
</span><span style="color:#323232;">$newUser = New-ADUser @UserArgs
</span>

basically the “OtherAttributes” on the ADUser object is a hashtable that holds all the special additional LDAP attributes, so in this example we use $otherAttributes to add all the fields we need, you can do the same with “Set-Aduser” if you just wanna edit an existing user and add these props

the @thing on New-ADuser is called a splat, very useful if you’re not familiar, it turns a hashtable into arguments

lemme know if you have any questions

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •