- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How to Find and Enable/Disable Microsoft Active Directory / LDAP usernames that are members of the
03/26/2020 
5 People found this article helpful
32,383 Views
Description
How to Find and Enable/Disable Microsoft Active Directory / LDAP usernames that are members of the SonicWall administrator groups.
Resolution
Overview / Scenario:This article provides information on How to manage Microsoft Active Directory / LDAP Admin users with SonicWall VBS scripts.
SonicWall is offering some Visual Basic Scripts to help with managing Microsoft Active Directory / LDAP. They are useful in debugging LDAP problems related to SonicWall appliances. The script SonicWallLDAPAdminUserChk.vbs allows the inspection of Admin users on the Microsoft Active Directory / LDAP server and the script SonicWallLDAPAdminUserChk.vbs allows for the disabling and enabling of Admin users on the Microsoft Active Directory / LDAP server.
· Use SonicWallLDAPAdminUserChk.vbs script to check LDAP/AD server
· Usage Example for SonicWallLDAPAdminUserChk.vbs
· SonicWallLDAPAdminUserChk.vbs Usage Options
· Use SonicWallLDAPAdminGroups.vbs script to disable Admin users on LDAP/AD server
· SonicWallLDAPAdminGroups.vbs Usage Options
Step 1. Are any AD / LDAP usernames members of the SonicWall administrator groups on the Microsoft LDAP/ Active Directory and in Local Users on the firewall?
Use SonicWallLDAPAdminUserChk.vbs script to help determine if any LDAP usernames in Active Directory are members of the SonicWall administrator groups (“SonicWall Administrators”, “Limited Administrators”, “SonicWall Read-Only Admins”, “Guest Administrators”).
This script can be download from: https://software.sonicwall.com/UtilityTools/SonicWallLDAPAdminUserChk.zip
To use the SonicwallLDAPAdminUserChk.vbs script requires:
1. Access to Microsoft Active Directory Domain Controller or a System that is part of the Domain using a domain account with sufficient privileges to search Active Directory.
2. SonicWallLDAPAdminUserChk.vbs script.
(Download from: https://software.sonicwall.com/UtilityTools/SonicwallLDAPAdminUserChk.zip
Save it in a convenient location and extract the script).
3. Settings File from the appliance
File can be Exported after log on to SonicWall GUI and going to System > Settings and using export settings option (.exp file).
with these, files and access
Run the script to check if the Active Directory configuration contains any usernames which are members of the SonicWall Administrator groups.
Note: This script only searches in the LDAP directory. It makes no changes to any objects in it.
If running the script on domain controller, the command is:
cscript SonicWallLDAPAdminUserChk.vbs <Name of the settings-file.exp>
Otherwise:
cscript SonicWallLDAPAdminUserChk.vbs <Name of the settings-file.exp> <domain-controller>
Replace <Name of the settings-file.exp> by the name of the settings file exported from the appliance, and <domain-controller> by the DNS name or IP address of the domain controller.
Step 2. Usage Example for SonicWallLDAPAdminUserChk.vbs
When you run the SonicwallLDAPAdminUserChk.vbs script, the output may be similar to the following example:
: cscript SonicwallLDAPAdminUserChk.vbs sonicwall.exp ad.example.com
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
SonicWall Administrative User Check Script Version 1.1
Reading the export file...
...
Decoding the export file (this may take a while)...
...
Found a local administrative user group: SW Admins
Found a local administrative user: john_smith
Found a local administrative user: bob_jones
Found a local administrative user: bob_local
An LDAP search will now be made to check if those users/groups exist in the LDAP directory.
Press enter to continue
Searching under domain DN: DC=example,DC=com
Searching for the administrative users found in the SonicWall settings
Found 4 users
Related Articles
Categories
Not Finding Your Answers?
ASK THE COMMUNITY
YES
NO