14 Replies Latest reply on Feb 21, 2019 8:52 AM by Edison Santos

    ADDM - Discovery of Users\Accounts\Groups of a discovered CI


      Hi All,

      Is it possible to get the list of Users\Accounts\AD Groups present on the discovered server?

      I need to know if it's possible that, when we discover a server from ADDM, it can also tell us who all (Users / Accounts / AD Groups) have access to that server. If yes, then how?

      If not possible, can we customize something, TPL or something, and get it done?

        • 1. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
          Andrew Waters

          I suppose you could look at using Win32_UserAccount but this can produce a LOT of results, there is also Win32_Group in a pattern. It really depends exactly what you are trying to achieve.

          • 2. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
            Varun Kaulapure

            Dear

             

             

             

            • 3. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI

              Thanks a lot Varun,

              however I couldn't find the attachment. Could you give it another try please?

              • 5. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI

                Hi Varun,

                 

                I'm not sure if it's a problem from my end but I still don't see the attachment.

                Can I request you to send that to my email id please - sumit.verma.53@gmail.com

                I'm not sure if my official email id could be reached through all outsiders. Many thanks...

                • 6. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
                  Varun Kaulapure

                  Dear ,

                   

                  Please see below tpl for linux-

                   

                  *******************************************************************************************

                  tpl 1.6 module user_details;

                  pattern linux_user_details 1.5
                  """
                  A pattern for linux interactive users
                  This pattern is supported for RHEL os type.
                  This uses following command -
                  1) awk -F : '500<=$3 && $3<=600 {print $1}' /etc/passwd
                  2) echo `awk -F : '$1=="%user1%" {print $1}' /etc/passwd 2>/dev/null`
                  """
                  // Required overview section. Some tags must be defined.
                  overview
                      tags linux;
                  end overview;

                  constants
                      type := "User_Detail";
                      list_users_cmd := "echo `awk -F : '500<=$3 && $3<=600 {print $1}' /etc/passwd 2>/dev/null`";
                  end constants;

                  triggers
                      on host := Host created, confirmed where os_type matches regex "(?i)Linux";
                  end triggers;

                  body
                      log.info("Find users on %host.name%");
                      users_list := discovery.runCommand(host, list_users_cmd);
                      log.debug ("'1 user details list is -'%users_list.result%");
                      log.debug("'2 number count of users -''size(users_list.result)'");

                      if users_list.result then
                          log.debug("3 we are in the if loop");
                          for user_s in text.split(users_list.result) do
                              log.debug("5 user details for user %user_s%");

                              //Gather details from the server
                              if user_s then
                                  log.debug("5 user details for user %user_s%");

                                  user_name_detail1 := discovery.runCommand(host, "echo `cat /etc/passwd | grep %user_s% | awk -F: '{print $1}'`");
                                  log.debug("user name details are %user_name_detail1.result%");

                                  user_id_detail1 := discovery.runCommand(host, "echo `cat /etc/passwd | grep %user_s% | awk -F: '{print $3}'`");
                                  log.debug("user id details are %user_id_detail1.result%");

                                  group_id_detail1 := discovery.runCommand(host, "echo `cat /etc/passwd | grep %user_s% | awk -F: '{print $4}'`");
                                  log.debug("group id details are%group_id_detail1.result%");

                                  user_default_shell1 := discovery.runCommand(host, "echo `cat /etc/passwd | grep %user_s% | awk -F: '{print $7}'`");
                                  log.debug("user default shell is %user_default_shell1.result%");

                                  //process the output
                                  user_name_details := regex.extract(user_name_detail1.result, regex"[A-Za-z0-9]+");
                                  user_id_detail := regex.extract(user_id_detail1.result, regex"[0-9]+");
                                  group_id_detail := regex.extract(group_id_detail1.result, regex"[A-Za-z0-9]+");
                                  user_default_shell := regex.extract(user_default_shell1.result, regex"[/]+[A-Za-z0-9]+[/]+[A-Za-z0-9]+");

                                  //Create a detail node
                                  dd_node := model.Detail(
                                      key  := text.hash("%host.name%/%user_name_details%/type"),
                                      name := "User Details",
                                      user_name := user_name_details,
                                      uid := user_id_detail,
                                      gid := group_id_detail,
                                      default_shell := user_default_shell,
                                      type := type,
                                      _tw_meta_data_attrs := ['name','user_name','uid','gid','default_shell','type']
                                  );

                                  log.debug("'completed dd node creation for '%user_name_details%' now relate them'");

                                  model.rel.Detail(ElementWithDetail := host, Detail:= dd_node);
                              end if;
                          end for;
                      else
                          log.info("'failed to get user list on -'%host.name%");
                      end if;
                  end body;

                  end pattern;

                  ******************************************************************************************************************************************

                  Please find below tpl for windows,

                  *******************************************************************************************************************************************

                  tpl 1.6 module win_user_details;

                  pattern windows_user_details 1.5
                  """
                  A pattern for windows interactive users
                  This pattern is supported for windows os type.
                  This uses the Win32_UserAccount class
                  """
                  // Required overview section. Some tags must be defined.
                  overview
                      tags windows, users;
                  end overview;

                  constants
                      type := "Windows_User_Detail";
                      Windows_users_cmd := 'select * from Win32_UserAccount';
                      namespace := 'root\cimv2';
                  end constants;

                  triggers
                      on host := Host created, confirmed where os_type matches regex "(?i)Windows";
                  end triggers;

                  body
                      log.info("Find users on %host.name%");
                      users_list := discovery.wmiQuery(host, Windows_users_cmd, namespace);
                      log.debug ("'1 user details list is -'%users_list% users_list");

                      if users_list then
                          log.debug("3 we are in the if loop");
                          for user_s in users_list do
                              log.debug("5 user details for user %user_s%");

                              //Gather details from the server
                              if user_s then
                                  log.debug("5 user details for user %user_s%");

                                  user_name_details := user_s.Name;
                                  log.debug('user name is %user_name_details%');
                                  FullName1 := user_s.FullName;
                                  log.debug('full name is %FullName1%');
                                  LocalAccount := user_s.LocalAccount;
                                  log.debug('LocalAcct is %LocalAccount%');
                                  key1 := text.hash("type/%user_name_details%");

                                  //Create a detail node
                                  //(_tw_meta_data_attrs names the attributes actually set: Local_Acct, not Local_Acct_Status)
                                  dd_node := model.Detail(
                                      key  := key1,
                                      name := "User Details",
                                      user_name := user_name_details,
                                      Local_Acct := LocalAccount,
                                      type := type,
                                      FullName := FullName1,
                                      _tw_meta_data_attrs := ['name','user_name','Local_Acct','FullName','type']
                                  );

                                  log.debug("'completed dd node creation for '%user_name_details%' now relate them'");

                                  model.rel.Detail(ElementWithDetail := host, Detail:= dd_node);
                              end if;
                          end for;
                      else
                          log.info("'failed to get user list on -'%host.name%");
                      end if;
                  end body;

                  end pattern;

                  **********************************************************************************************************************************************************

                   

                  Hope above patterns will help!! Please modify the patterns as per your requirement.

                   

                  Thanks,

                  Varun

                  1 of 1 people found this helpful
                  • 7. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
                    Andrew Waters

                    You really do not want to be doing several things these patterns are doing.

                     

                    The Linux one is horribly inefficient. Running 4 commands remotely on a machine for each user is not a good idea. Why would you not get the file back and process it within the pattern? That will be significantly more efficient.

                    Why do all your commands start with echo? There is absolutely no need for that. Your pattern also requires that no username be a substring of another, otherwise it could produce the wrong result.

                    As I mentioned, Win32_Account can produce a LOT of results. The key really should be changed. It should be at least related to the type of information. It is also completely inconsistent with the Linux pattern. In one the node is global and shared (Windows) and in the other it is local to the Host (Linux). Using host.name is risky - there are many environments where a host name is not actually unique. If you want to relate to a specific Host you would be much better served using Host.key.

                     

                    If an account gets removed these patterns do nothing to remove the old account names.

                    2 of 2 people found this helpful
                    • 8. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
                      Varun Kaulapure

                      Hello

                       

                       

                       

                       

                      • 9. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
                        Bob Anderson

                        To add to what Andrew mentioned, based on past experience...

                         

                        If the machines you are running the pattern on are members of domains, you will likely get a list of every domain member in every domain group, and in many companies, this could be thousands of domain users.  If you have several thousand of these machines where the pattern is running, you will get millions of results, mostly duplicates.

                         

                        Since you are probably not interested in all the domain users with access to this machine, but probably more interested in just local login accounts, you should change the Windows_users_command to "SELECT * FROM Win32_UserAccount where LocalAccount = True".

                         

                        My other $.02..., I find it easier when wading through the debug statements to verify the values of my variables to put 'pinchers' around the variables......like this....

                         

                        log.debug("****PatternName : Function Name : variable user_s  : -->%user_s%<--");

                         

                        ...as the output from this will show if there is nothing in the variable....something like this:

                        *****PatternName : Function Name : variable user_s : --><--

                         

                        ...or if the output is a list

                        *****PatternName : Function Name : variable user_s : -->['asdf', 'qwerty', 'zxcvb']<--

                         

                        hth

                         

                        Good Luck!

                        3 of 3 people found this helpful
                        • 10. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
                          Varun Kaulapure

                          Dear Andrew Waters

                           

                          Thanks for your comments.

                           

                          Now I am trying to destroy the user nodes which are not discovered in the current discovery.

                           

                          For that I am comparing the list of current nodes and discovered nodes.

                           

                          //New discovered users

                          users_list := discovery.wmiQuery(host, Windows_users_cmd, namespace);

                           

                          //Obtain the current users list

                            dusers := search (in hosts traverse ElementWithDetail:Detail:Detail:Detail where type matches regex "(?i)User" show user_name);

                           

                          //Compare the current discovered user with already created user node

                            c := dusers.count(user_s);

                            if c >= 1 then

                            dusers.remove(user_s);

                            log.debug("***Windows_Users : Process the current dusers nodes : removed -->'%user_s%'<--");

                            log.debug("***Windows_Users : Modified dusers : -->'%dusers%'<--");

                            end if;

                           

                          But I am getting an error at "c := dusers.count(user_s);", so I don't know how to use Python list functions in TPL, or whether there is another way to do this.

                           

                           

                          Another query is how I can use the removal.

                          Please suggest if following is correct or need some changes:-

                           

                          if dusers then

                            log.debug ("***Windows_Users : removing the following users from dusers : -->'%dusers%'<--");

                            for duser1 in dusers do

                            removal

                            log.debug("***Windows_Users : Remove undiscovered nodes : -->'%duser1%'<--");

                            on duser1 := Detail aged;

                            model.destroy(duser1);

                            end removal;

                            end for;

                            end if;

                           

                          Thanks,

                          Varun

                          • 11. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
                            Andrew Waters

                            It is much easier to use removal groups - see docs. Then if you do not reconfirm something next time it will automatically go away. Remember to call model.suppressRemovalGroup if the WMI request fails as you do not want a failure to remove them all.

                            3 of 3 people found this helpful
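
Andrew Waters' points in replies 7 and 11 (fetch /etc/passwd once and parse it inside the pattern, match on exact fields, key on the host key, use a removal group), applied to the Linux pattern as an added example that is not code from any poster in this thread. The module, pattern and removal group names are assumptions, and the 500-600 UID range is carried over from the awk filter in the original pattern.

```tpl
tpl 1.12 module linux_user_details_example;

// Added example, not from the thread. Names are illustrative assumptions.
pattern linux_user_details_example 1.0
    """
    Local Linux accounts, read with a single fetch of /etc/passwd and
    parsed inside the pattern.
    """
    overview
        tags linux, users;
    end overview;

    constants
        type := "User_Detail";
        passwd_path := "/etc/passwd";
        removal_group := "linux_users";   // assumed group name
        min_uid := 500;                   // UID range from the original awk filter
        max_uid := 600;
    end constants;

    triggers
        on host := Host created, confirmed where os_type matches regex "(?i)Linux";
    end triggers;

    body
        // One remote request for the host instead of four commands per user.
        passwd := discovery.fileGet(host, passwd_path);
        if not passwd or not passwd.content then
            log.info("Could not read %passwd_path% on host -->%host.key%<--");
            // A failed read must not age out every account seen on earlier scans.
            model.suppressRemovalGroup(removal_group);
            stop;
        end if;

        for line in text.split(passwd.content, "\n") do
            // Field layout: name:password:uid:gid:gecos:home:shell
            fields := text.split(line, ":");
            // Splitting on ":" compares whole fields, so "bob" never matches "bobby".
            if size(fields) >= 7 and fields[2] matches regex "^[0-9]+$" then
                user_name := fields[0];
                uid := text.toNumber(fields[2]);
                if uid >= min_uid and uid <= max_uid then
                    // host.key keeps the node local to this host even when
                    // host names are not unique.
                    user_node := model.Detail(
                        key := text.hash("%type%/%user_name%/%host.key%"),
                        name := "User Details",
                        user_name := user_name,
                        uid := fields[2],
                        gid := fields[3],
                        default_shell := fields[6],
                        type := type,
                        _tw_meta_data_attrs := ['name', 'user_name', 'uid', 'gid', 'default_shell', 'type']
                    );
                    model.rel.Detail(ElementWithDetail := host, Detail := user_node);
                    // Accounts not reconfirmed on the next successful scan are removed.
                    model.setRemovalGroup(user_node, removal_group);
                    log.debug("user -->%user_name%<-- uid -->%uid%<--");
                end if;
            end if;
        end for;
    end body;
end pattern;
```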
                            • 12. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
                              Varun Kaulapure

                              Dear Sumeet Verma

                               

                              Below tpl is for windows. Hope this helps you. Please modify it as per your requirement.

                               

                              **************************************************************************************************

                              tpl 1.12 module win_user_details;

                              pattern windows_user_details 1.5
                              """
                              A pattern for local windows users.
                              This pattern is supported for windows os type.
                              This uses the Win32_UserAccount class
                              """

                              // Required overview section. Some tags must be defined.
                              overview
                                  tags windows, users;
                              end overview;

                              constants
                                  type := "Windows_User_Detail";
                                  //changed query by removing the * from select clause
                                  //LocalAccount is selected as well because the body reads user_s.LocalAccount
                                  Windows_users_cmd := 'select Name, FullName, LocalAccount from Win32_UserAccount where LocalAccount = "True"';
                                  namespace := 'root\cimv2';
                              end constants;

                              triggers
                                  on host := Host created, confirmed where os_type matches regex "(?i)Windows";
                              end triggers;

                              body
                                  log.info("Find users on %host.name%");
                                  users_list := discovery.wmiQuery(host, Windows_users_cmd, namespace);
                                  log.debug("***Windows_Users : User list : -->'%users_list%'<--");

                                  if users_list then
                                      log.debug("***Windows_Users : if loop started");
                                      for user_s in users_list do
                                          log.debug("***Windows_Users : Processing user details for user : -->'%user_s%'<--");

                                          //Gather details from the server
                                          user_name_details := user_s.Name;
                                          log.debug("***Windows_Users : Discovered user name : -->'%user_name_details%'<--");

                                          FullName1 := user_s.FullName;
                                          log.debug("***Windows_Users : Discovered full name : -->'%FullName1%'<--");

                                          LocalAccount := user_s.LocalAccount;
                                          log.debug("***Windows_Users : Discovered Local Acct : -->'%LocalAccount%'<--");

                                          key1 := text.hash("type/%user_name_details%/%host.key%");

                                          //Create a detail node
                                          //(_tw_meta_data_attrs names the attributes actually set: Local_Acct, not Local_Acct_Status)
                                          dd_node := model.Detail(
                                              key  := key1,
                                              name := "User Details",
                                              user_name := user_name_details,
                                              Local_Acct := LocalAccount,
                                              type := type,
                                              FullName := FullName1,
                                              _tw_meta_data_attrs := ['name','user_name','Local_Acct','FullName','type']
                                          );

                                          log.debug("***Windows_Users : completed dd node creation for -->'%user_name_details%'<--");

                                          //create a removal group
                                          model.setRemovalGroup(dd_node, "win_Users");

                                          //relate the created user with host
                                          log.info("***Windows_Users : Relate the user : -->'%user_name_details%'<--");
                                          model.rel.Detail(ElementWithDetail := host, Detail:= dd_node);
                                      end for;
                                  else
                                      log.info("failed to get user list on %host.name%");
                                      model.suppressRemovalGroup("win_Users");
                                  end if;

                              end body;

                              end pattern;

                               

                              ***********************************************************************************************************************

                               

                              Dear Andrew Waters, Bob Anderson, please point out if more changes are required. Your previous comments really helped a lot.

                               

                              Thanks,

                              Varun

                              1 of 1 people found this helpful
                              • 13. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
                                Bob Anderson

                                Looks good.  Just a couple of comments:

                                 

                                I think you may have missed the %'s around the key1 assignment around 'type'

                                     key1 := text.hash("%type%/%user_name_details%/%host.key%");

                                 

                                You may find these user details helpful: InstallDate, PasswordExpires, and PasswordRequired

                                Windows_users_cmd := 'select Name, FullName, InstallDate, PasswordExpires, PasswordRequired from Win32_UserAccount where LocalAccount = "True"';

                                2 of 2 people found this helpful
                                • 14. Re: ADDM - Discovery of Users\Accounts\Groups of a discovered CI
                                  Edison Santos

                                  Hi varun kaulapure!!

                                   

                                  Do you have this TPL already working?

                                   

                                  I need to do this same work and I'm new to TPL programming.

                                   

                                  Could you share it with me??

                                   

                                  Do you use the Atrium CMDB? Is this information also updated on CMDB? How did you do that?

                                   

                                  Best Regards,

                                  ES