
Showing posts from July, 2016

An issue with Google Apps Directory Sync and how to fix it

As you know, Google Apps Directory Sync is a great tool to synchronize your MS Active Directory accounts with your Google Apps (for Business or Education). It can help you map your user account structure into Google including the users, groups, OUs... You simply set up the proper search rules for users and groups of your AD architecture. The tool works great except for one thing:

When you add a new user to a group in AD, the tool adds that user to the counterpart of that group in Google. But when you remove that user from the group in AD, the Google account is not removed from the Google group. The only thing Google does is stop allowing the user to post to that group.

After looking for the solution for a while, I came up with one hack that works:

1. Search for all users in AD groups which you want to sync to Google:

http://www.dangtrinh.com/2016/07/get-all-ms-active-directory-group.html

2. Search for all users in Google groups:

http://www.dangtrinh.com/2016/07/get-google-group-member…

Get Google Group members using GAM and python

You can get a list of Google Groups members using GAM by running the following command:

gam print group-members group <group_email>

The result is a CSV-style list of group members:

status,group,email,role,type,id
ACTIVE,<group_email>,<user_email>,MEMBER,USER,110853351795805057050
...

You can take advantage of Python to filter the result and put all the user email addresses into a list:

Note: before using the Python script, make sure your GAM installation is up and running.
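
The following is an added example, not the script from the original post: it parses the CSV output of the GAM command above and compares it with a list of AD group member addresses to report accounts that are still in the Google group after being removed from the AD group. The function names, the sample CSV and the example.edu addresses are constructed for illustration.

```python
import csv
import io
import subprocess

# Constructed sample of `gam print group-members` output (addresses are made up).
SAMPLE_GAM_CSV = """status,group,email,role,type,id
ACTIVE,staff@example.edu,Alice@example.edu,MEMBER,USER,100000000000000000001
ACTIVE,staff@example.edu,bob@example.edu,MEMBER,USER,100000000000000000002
ACTIVE,staff@example.edu,carol@example.edu,OWNER,USER,100000000000000000003
ACTIVE,staff@example.edu,helpdesk@example.edu,MEMBER,GROUP,100000000000000000004
"""

def run_gam(group_email):
    """Run the GAM command shown above and return its CSV output (needs a working GAM)."""
    return subprocess.run(
        ["gam", "print", "group-members", "group", group_email],
        check=True, capture_output=True, text=True,
    ).stdout

def google_members(gam_csv, member_types=("USER",)):
    """Return the lower-cased email addresses of group members of the given types."""
    emails = set()
    for row in csv.DictReader(io.StringIO(gam_csv)):
        email = (row.get("email") or "").strip().lower()
        if email and (row.get("type") or "").strip().upper() in member_types:
            emails.add(email)
    return emails

def stale_members(gam_csv, ad_emails):
    """Addresses still in the Google group but absent from the AD group."""
    # Compare case-insensitively: AD and Google may store different casing.
    ad = {e.strip().lower() for e in ad_emails if e and e.strip()}
    return sorted(google_members(gam_csv) - ad)

if __name__ == "__main__":
    # Constructed AD membership: bob was removed from the AD group.
    ad_emails = ["alice@example.edu", "Carol@example.edu"]
    for email in stale_members(SAMPLE_GAM_CSV, ad_emails):
        print("still in Google group, not in AD group:", email)
```

To run it against a live group, pass `run_gam("<group_email>")` as the first argument to `stale_members` together with the address list produced by your AD query.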

Get all MS Active Directory group members' email addresses using python

Using python-ldap you can pull quite a lot of information out of your MS Active Directory. For example, the following snippet can help you get all the members of an AD group:




Usage:

$ python ad_utils.py "your group name"

Query only enabled users in MS Active Directory

You can use this filter to query only enabled users in MS Active Directory:

(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Remote desktop to a standalone Windows Server 2008 R2 server from Ubuntu 14.04

To be able to remote desktop into a standalone (not domain-joined) Windows Server 2008 R2 (or later version) with Remmina, you have to set NLA as the security communication method.

In the Remote Desktop Preference of the remote host >> Advanced tab >> Security: NLA