Scribd
Upload
85 views5 pages

OneFS - How To View Active Directory Provider Status and User Mapping Token Information - Dell India

This document provides instructions on how to view the Active Directory (AD) provider status and user mapping token information using OneFS commands. It details the procedures for both OneFS 7.0 and later versions as well as for versions 6.0 to 6.5, including specific commands and expected outputs. The article is aimed at troubleshooting authentication and user/group permission issues within the Isilon and PowerScale OneFS environments.

Uploaded by

panwar14
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
85 views5 pages

OneFS - How To View Active Directory Provider Status and User Mapping Token Information - Dell India

This document provides instructions on how to view the Active Directory (AD) provider status and user mapping token information using OneFS commands. It details the procedures for both OneFS 7.0 and later versions as well as for versions 6.0 to 6.5, including specific commands and expected outputs. The article is aimed at troubleshooting authentication and user/group permission issues within the Isilon and PowerScale OneFS environments.

Uploaded by

panwar14
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

8/18/22, 4:28 PM OneFS: How to view Active Directory provider status and User Mapping Token Information | Dell

er status and User Mapping Token Information | Dell India

Article Number: 000008331 Print

OneFS: How to view Active Directory provider status and


User Mapping Token Information
Summary: How to use the isi auth commands to view AD status and user mapping token for user and group
information.

Article Content

Instructions

Introduction
When troubleshooting authentication issues or issues related to user and group permissions, you can view the status of the Active
Directory (AD) provider and the user mapping token information.

Procedure
OneFS 7.0 and later versions

1. Open an SSH connection on any node in the cluster and log on using the "root" account.
2. Run the following command, where <domain> is the domain name and <user name> is the user name of the user you want to
look up:

isi auth users view --user=<domain>\\<user name> --show-groups

Output similar to the following is displayed:

Name: CORP\administrator
DN: CN=Administrator,CN=Users,DC=corp,DC=domain,DC=com
DNS Domain: corp.domain.com
Domain: CORP
Provider: lsa-activedirectory-provider:CORP.DOMAIN.COM
Sam Account Name: Administrator
UID: 1000002
SID: S-1-5-21-458040702-84545701-2247583341-500
Enabled: Yes
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: Yes
Generated UID: Yes
Generated UPN: Yes
Primary Group
ID: GID:1000000
Name: CORP\domain users
Home Directory: /ifs/home/CORP/administrator
Max Password Age: -
Password Expired: No
Password Expiry: -
Password Last Set: 2014-11-04T07:59:42
Password Expires: No

https://www.dell.com/support/kbdoc/en-in/article/lkbprint?ArticleNumber=000008331&AccessLevel=10&Lang=en 1/5
8/18/22, 4:28 PM OneFS: How to view Active Directory provider status and User Mapping Token Information | Dell India

Shell: /bin/zsh
UPN: administrator@CORP.DOMAIN.COM
User Can Change Password: Yes
Additional Groups: CORP\group policy creator owners
CORP\schema admins
CORP\enterprise admins
CORP\denied rodc password replication group
CORP\domain admins
CORP\domain users
3. To get a list of the AD providers and their statuses, run the following command:

isi auth ads list

Output similar to the following is displayed:

Name Authentication Status Site


-------------------------------------------------------------
CORP.DOMAIN.COM Yes online Default-First-Site-Name
-------------------------------------------------------------
Total: 1
4. To view other details for the AD provider, run the following command, where <provider name> is the name of the AD provider:

isi auth ads view <provider name>

Output similar to the following is displayed:

Name: CORP.DOMAIN.COM
Status: online
Primary Domain: CORP.DOMAIN.COM
Forest: corp.domain.com
Site: Default-First-Site-Name
NetBIOS Domain: CORP
Hostname: newt.corp.domain.com
Controller Time: 2015-05-27T19:05:15
Machine Account: NEWT$
5. To view the mapping token for the user which includes groups from all auth providers, run the following command:

isi auth mapping token --user=<domain>\\<user>

Output similar to the following is displayed:

User
Name: CORP\administrator
UID: 1000002
SID: S-1-5-21-458040702-84545701-2247583341-500
On Disk: S-1-5-21-458040702-84545701-2247583341-500
ZID: 1
Zone: System
Privileges: -
Primary Group
Name: CORP\domain users
GID: 1000000
SID: S-1-5-21-458040702-84545701-2247583341-513
On Disk: S-1-5-21-458040702-84545701-2247583341-513
Supplemental Identities
Name: CORP\group policy creator owners
GID: 1000015
SID: S-1-5-21-458040702-84545701-2247583341-520

Name: CORP\schema admins


GID: 1000016
SID: S-1-5-21-458040702-84545701-2247583341-518

https://www.dell.com/support/kbdoc/en-in/article/lkbprint?ArticleNumber=000008331&AccessLevel=10&Lang=en 2/5
8/18/22, 4:28 PM OneFS: How to view Active Directory provider status and User Mapping Token Information | Dell India

Name: CORP\enterprise admins


GID: 1000017
SID: S-1-5-21-458040702-84545701-2247583341-519

Name: CORP\denied rodc password replication group


GID: 1000004
SID: S-1-5-21-458040702-84545701-2247583341-572

Name: CORP\domain admins


GID: 1000003
SID: S-1-5-21-458040702-84545701-2247583341-512

Name: Authenticated Users


UID: -
GID: -
SID: S-1-5-11

OneFS 6.0 - 6.5

1. Open an SSH connection on any node in the cluster and log on using the "root" account.
2. Run the following command, where <domain> is the domain name and <user name> is the user name of the user you want to
look up:

isi auth ads users list --name=<domain>\\<user name> -v

Output similar to the following is displayed:

User: CORP\administrator*
Uid: 1000001
Gid: 1000004(CORP\domain users)
Sid: S-1-5-21-458040702-84545701-2247583341-500
Shell: /bin/sh
Home: /ifs/home/CORP/administrator
Groups: 1000004(CORP\domain users), 1000000(CORP\denied rodc password replication group),
1000003(CORP\domain admins), 1000004(CORP\domain users), 1544(Administrators), 1545(Users),
1000005(CORP\group policy creator owners), 1000006(CORP\schema admins), 1000007(CORP\enterprise
admins)
Flags: Password Never Expires
3. To look up the status of the AD provider, run the following command:

isi auth ads status

Output similar to the following is displayed:

Active Directory Services Status:


Mode: unprovisioned
Status: online
Primary Domain: CORP.DOMAIN.COM
Forest: corp.domain.com
Site: Default-First-Site-Name
NetBIOS Domain: CORP
Domain Controller: Win2K8.corp.domain.com
Hostname: ONEFS6
Machine Account: ONEFS6$

To view the mapping token for the user which includes groups from all auth providers, run the following command:

isi auth mapping token --name=<domain>\\<user>

https://www.dell.com/support/kbdoc/en-in/article/lkbprint?ArticleNumber=000008331&AccessLevel=10&Lang=en 3/5
8/18/22, 4:28 PM OneFS: How to view Active Directory provider status and User Mapping Token Information | Dell India

Output similar to the following is displayed:

Initial name: corp\administrator

Final Token
---------------------------------------------------------------------------------------
Primary uid: CORP\administrator (1000001)
Primary user sid: CORP\administrator (SID:S-1-5-21-458040702-84545701-2247583341-500)
Primary gid: CORP\domain users (1000004)
Primary group sid: SID:S-1-5-21-458040702-84545701-2247583341-513
On-disk user identity: CORP\administrator (SID:S-1-5-21-458040702-84545701-2247583341-500)
On-disk group identity: CORP\domain users (SID:S-1-5-21-458040702-84545701-2247583341-513)
Additional Identities:
CORP\denied rodc password replication group (SID:S-1-5-21-458040702-84545701-2247583341-572)
CORP\denied rodc password replication group (GID:1000000)
CORP\domain admins (SID:S-1-5-21-458040702-84545701-2247583341-512)
CORP\domain admins (GID:1000003)
Administrators (SID:S-1-5-32-544)
Administrators (GID:1544)
Users (SID:S-1-5-32-545)
Users (GID:1545)
CORP\schema admins (SID:S-1-5-21-458040702-84545701-2247583341-518)
CORP\schema admins (GID:1000006)
CORP\group policy creator owners (SID:S-1-5-21-458040702-84545701-2247583341-520)
CORP\group policy creator owners (GID:1000005)
CORP\enterprise admins (SID:S-1-5-21-458040702-84545701-2247583341-519)
CORP\enterprise admins (GID:1000007)

Additional Information
Related articles:

OneFS CLI Administration Guides


50075 - White Paper: Identities, Access Tokens and the Isilon OneFS User Mapping Service

Customer Troubleshooting Guides

63137 - Isilon Customer TSG - Troubleshoot Windows File System Permissions


63138 - Isilon Customer TSG - Troubleshoot Identity Mapping
63151 - Isilon Customer TSG - Troubleshoot Windows Active Directory Authentication

Article Properties

Affected Product
Isilon

Product
Isilon, PowerScale OneFS

Last Published Date


09 Aug 2022

Version
5

https://www.dell.com/support/kbdoc/en-in/article/lkbprint?ArticleNumber=000008331&AccessLevel=10&Lang=en 4/5
8/18/22, 4:28 PM OneFS: How to view Active Directory provider status and User Mapping Token Information | Dell India

Article Type
How To

https://www.dell.com/support/kbdoc/en-in/article/lkbprint?ArticleNumber=000008331&AccessLevel=10&Lang=en 5/5

You might also like