forked from shaniacht1/content
-
Notifications
You must be signed in to change notification settings - Fork 0
/
automation-ADGetGroupUsers.yml
33 lines (33 loc) · 1.19 KB
/
automation-ADGetGroupUsers.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
args:
- description: Active Directory Distinguished Name for the desired group
name: groupdn
required: true
- description: Include these AD attributes of the resulting objects in addition to
the default ones
name: attributes
comment: "Use Active Directory to retrieve the list of users who are members of the
specified group. Group must be given by its AD Distinguished Name. The \"attributes\"
argument receives a comma-separated list of additional attributes you wish to be
displayed in the results.\nExample usage: !ADGetGroupUsers groupdn=\"CN=Domain Admins,CN=Users,DC=demisto,DC=com\"
attributes=badPwdCount,memberOf "
commonfields:
id: ADGetGroupUsers
version: -1
dependson:
must:
- ad-search
deprecated: true
name: ADGetGroupUsers
runonce: false
script: |-
# Optional arguments and default values
attrs = 'name,displayname'
if demisto.get(demisto.args(), 'attributes'):
attrs += "," + demisto.args()['attributes']
filterstr = r"(&(objectCategory=User)(memberof=" + demisto.args()['groupdn'] + "))"
demisto.results( demisto.executeCommand( 'AdSearch', { 'filter' : filterstr, 'attributes' : attrs } ) )
scripttarget: 0
system: true
tags:
- active directory
type: python