Samba member server – is user disabled

active-directory samba samba4

I have a Debian Samba file server bound to Active Directory as a member server.

We create a staff folder for each employee matching their username on this server.

When employees quit, their Active Directory user account gets deactivated and moved to a deactivated users OU.

I would like to programmatically remove staff folders for employees who have left, but can't find a tool that will distinguish between active and deactivated employees. I have tried the "wbinfo --verbose -i" and "id" commands.

Does anyone know a Linux command that I can use to determine whether an employee is active or deactivated, or alternatively, state the OU a user account is located in?

Best Answer

You should stick to the OpenLDAP ldapsearch utility, which will give you the information you want. The switches that you launch it with and the additional parameters depend on your AD configuration, like the domain name, OU coordinates inside the LDAP root, and so on.
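
One way to apply the ldapsearch approach from the answer above, as an added example that is not part of the original answer: it reads the account's `userAccountControl` attribute (bit 0x2 marks a disabled account) and the DN, which contains the OU. The server URI, base DN, Kerberos (GSSAPI) bind and all function names are assumptions, and the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example. LDAP_URI and BASE_DN are placeholders; function names are hypothetical.
LDAP_URI="ldap://dc1.example.com"
BASE_DN="DC=example,DC=com"

# Constructed sample LDIF, shaped like "ldapsearch -LLL" output.
SAMPLE_DISABLED='dn: CN=Jane Doe,OU=Deactivated Users,DC=example,DC=com
userAccountControl: 514'
SAMPLE_ACTIVE='dn: CN=John Roe,OU=Staff,DC=example,DC=com
userAccountControl: 66048'

# Folder names end up inside an LDAP filter, so reject filter metacharacters.
valid_username() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Query AD for one account (assumes a Kerberos ticket from kinit for the GSSAPI bind).
ad_lookup() {
    valid_username "$1" || return 2
    ldapsearch -LLL -o ldif-wrap=no -Y GSSAPI -H "$LDAP_URI" -b "$BASE_DN" \
        "(&(objectCategory=person)(sAMAccountName=$1))" userAccountControl
}

# LDIF on stdin -> "disabled", "active" or "unknown".
# "unknown" (no entry, failed lookup) must never be treated as "disabled".
account_state() {
    uac=$(sed -n 's/^userAccountControl: \([0-9][0-9]*\)$/\1/p' | head -n 1)
    [ -n "$uac" ] || { echo unknown; return 0; }
    # Bit 0x2 of userAccountControl is ACCOUNTDISABLE.
    if [ $(( $uac & 2 )) -ne 0 ]; then echo disabled; else echo active; fi
}

# LDIF on stdin -> the entry's DN, which shows the OU ("dn::" is base64-encoded).
account_dn() {
    while IFS= read -r line; do
        case $line in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo; return 0 ;;
            "dn: "*)  printf '%s\n' "${line#dn: }"; return 0 ;;
        esac
    done
}
```

A cleanup job would pipe `ad_lookup "$user"` into `account_state` and remove a folder only on the literal result `disabled`, so a failed or empty lookup leaves the data in place.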