Article

(View Disclaimer)

Problem

A Forum reader recently asked:

"I need to get a list of all users in a tree that already use universal passwords. We're running eDirectory 8.8 SP1, and I tried to use diagpwd.exe to get the information I need. But diagpwd.exe only gets some of the users; others return an error -1631, though they definitely have a Universal Password set."

And here's the response from Chuck Perilli ...

Solution

We use JRB's GETNAME utility (part of the JRB Utilities package). I wrote a batch file that uses GETNAME to list Universal Password Policies for users, OU's, and O's:

**************************************************************
@echo off
if "%1" == "" goto syntax
if "%1" == "all" goto getall
if "%1" == "ALL" goto getall
getname %
1 /a=nspmPasswordPolicy /n /z /yc /s /l=upwdlist.txt /e=upwdlist.err
goto exit

:getall
getname 
* /a=nspmPasswordPolicy /n  /yc /s /r /u /x /l=upwdall.txt /e=upwdall.err %
2 %3
getname 
* /a=nspmPasswordPolicy /n  /yc /s /o="Organization" /r /x /l=upwdall.txt,a
 /e=upwdall.err,a %2 %3
getname 
* /a=nspmPasswordPolicy /n  /yc /s /o="OU" /r /x /l=upwdall.txt,a /e=upwdal
l.err,a %2 %3
if "%2" == "/j" goto copyfile
if "%2" == "/J" goto copyfile
goto exit

:syntax
echo.
echo Syntax is:
echo GETUPWD .empnum.full.context
echo ex: GETUPWD .34567.20000.hq.nfcu
echo ex: GETUPWD .*.30000.hq.nfcu   (will list all in 30000 container)
echo (list will be saved to UPWDLIST.TXT)
echo.
echo -or-
echo.
echo To list ALL users with Universal Password to UPWDALL.TXT...
echo GETUPWD all
echo.
goto exit

:copyfile
copy upwdall.txt fromjrb.txt

:exit
**************************************************************

The output looks like this:

.west9.30000.HQ.NFCU     .Prod Universal Password Exceptions.Password
 Policies.Security
.00000.HQ.NFCU           .Prod Universal Password Policy.Password
 Policies.Security
.30000.HQ.NFCU           .Prod Universal Password Policy.Password
 Policies.Security

This shows U.P. policy applied to OUs 00000 and 30000 with the overiding exception policy applied to user west9.30000. I actually have this job scripted to produce a list of all policy
assignments every night. We keep this history for a week.

JRB has some very nice tools we use on a daily basis.

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.