ADEdit Commands Organized By Type
As discussed in Logical Organization for ADEdit Commands, there are different types of ADEdit commands that can be organized into logical categories. This chapter provides a brief introduction to the ADEdit commands in each of those logical categories. For detailed information about individual commands, see ADEdit Command Reference.
General Purpose Commands
You can use the following general purpose commands to control overall ADEdit operation or return general information about ADEdit or its host computer.
| Command | Description |
|---|---|
| help | Returns information about a specified ADEdit command or all ADEdit commands. |
| get_adinfo | Returns information about the joined domain, the joined zone, or the name the local computer is joined under. |
| quit | Quits ADEdit. |
| set_ldap_timeout | Sets the time-out value used by ADEdit’s LDAP commands that perform read and write operations on Active Directory through a binding. |
Context Commands
You can use the following context commands set the current domain bindings, report on the current bindings and selected object, and save and retrieve the ADEdit context (which includes both bindings and currently selected objects).
| Command | Description |
|---|---|
| bind | Binds to one or more Active Directory domains to define the ADEdit context for subsequent commands. |
| get_bind_info | Returns information about the domains to which ADEdit is bound. |
| pop | Restores the context from the top of the ADEdit context stack. |
| push | Saves the current context to the ADEdit context stack. |
| show | Displays the current context of ADEdit, including its bound domains and currently selected objects. |
| validate_license | Determines whether there is a valid license and stores an indicator in the ADEdit context. |
Object Management Commands
You can use object management commands to retrieve, modify, create, and delete Active Directory objects of any kind, including Centrify-specific objects such as zones, rights, and roles. The command set for each object type is similar to the command sets for the other object types.
Zone Object Management Commands
You can use the following zone object management commands to create, select, save, and delete zones and manage zone properties.
| Command | Description |
|---|---|
| create_zone | Creates a new zone in Active Directory. |
| delegate_zone_right | Delegates a zone administrative task to a specified user or group. |
| delete_zone | Deletes the selected zone from Active Directory and memory. |
| get_child_zones | Returns a Tcl list of child zones, computer roles, or computer-specific zones associated with the current zone. |
| get_zone_field | Returns the value for a specified field from the currently selected zone. |
| get_zone_nss_vars | Returns the NSS substitution variable for the selected zone. |
| get_zones | Returns a Tcl list of all zones within a specified domain. |
| save_zone | Saves the selected zone with its current settings to Active Directory. |
| select_zone | Retrieves a zone from Active Directory and stores it in memory as the currently selected zone. |
| set_zone_field | Sets the value for a specified field in the currently selected zone. |
Zone User Object Management Commands
You can use the following zone user commands to create, select, save, and delete zone user objects and manage user properties in the currently selected zone.
| Command | Description |
|---|---|
| delete_local_user_profile | Deletes a local user (that is not an Active Directory user) that has a profile defined in the current zone. |
| delete_zone_user | Deletes the zone user from Active Directory and from memory. |
| get_local_user_profile_field | Returns the value of a profile field for the currently selected local user (that is not an Active Directory user) that has a profile defined in the current zone. |
| get_local_users_profile | Returns a Tcl list of profiles for local users (that are not Active Directory users) that are defined in the currently selected zone. |
| get_zone_user_field | Returns the value for a specified field from the currently selected zone user. |
| get_zone_users | Returns a Tcl list of the Active Directory names of zone users in the current zone. |
| list_local_users_profile | Returns a list of local users (that are not Active Directory users) that have a profile defined in the current zone. |
| list_zone_users | Lists all zone users with NSS data for each user in stdout. |
| new_local_user_profile | Creates an object for a local user (that is not an Active Directory user) in the currently selected zone. |
| new_zone_user | Creates a new zone user and stores it in memory as the currently selected zone user. |
| save_local_user_profile | Saves the object for the currently selected local user (that is not an Active Directory user) after you create the local user object or edit profile field values for the local user object. |
| save_zone_user | Saves the selected zone user with its current settings to Active Directory. |
| select_local_user_profile | Selects a local user (that is not an Active Directory user) object for viewing or editing. |
| select_zone_user | Retrieves a zone user from Active Directory and stores it in memory as the selected zone user. |
| set_local_user_profile_field | Sets the value of a field for the currently selected local user (that is not an Active Directory user) that has a profile defined in the current zone. |
| set_zone_user_field | Sets the value for a specified field in the currently selected zone user. |
Zone Group Object Management Commands
You can use the following zone group commands to create, select, save, and delete zone group objects and manage group properties in the currently selected zone.
| Command | Description |
|---|---|
| delete_local_group_profile | Deletes a local group (that is not an Active Directory group) that has a profile defined in the current zone. |
| delete_zone_group | Deletes the zone group from Active Directory and from memory. |
| get_local_group_profile_field | Returns the value of a profile field for the currently selected local group (that is not an Active Directory group) that has a profile defined in the current zone. |
| get_local_groups_profile | Returns a Tcl list of profiles for local groups (that are not Active Directory groups) that are defined in the currently selected zone. |
| get_zone_group_field | Returns the value for a specified field from the currently selected zone group. |
| get_zone_groups | Return a Tcl list of Active Directory names of all zone groups in the current zone. |
| list_local_groups_profile | Returns a list of local groups (that are not Active Directory groups) that have a profile defined in the current zone. |
| list_zone_groups | Lists all zone groups with object data for each group in stdout. |
| new_local_group_profile | Creates an object for a local group (that is not an Active Directory group) in the currently selected zone. |
| new_zone_group | Creates a new zone group and stores it in memory as the currently selected zone group. |
| save_local_group_profile | Saves the object for the currently selected local group (that is not an Active Directory group) after you create the local group object or edit profile field values for the local group object. |
| save_zone_group | Saves the selected zone group with its current settings to Active Directory. |
| select_local_group_profile | Selects a local group (that is not an Active Directory group) object for viewing or editing. |
| select_zone_group | Retrieves a zone group from Active Directory and stores it in memory as the selected zone group. |
| set_local_group_profile_field | Sets the value of a field for the currently selected local group (that is not an Active Directory group) that has a profile defined in the current zone. |
| set_zone_group_field | Sets the value for a specified field in the currently selected zone group. |
Zone Computer Object Management Commands
You can use the following zone computer commands to create, select, save, and delete zone group objects and manage computer properties in the currently selected zone.
| Command | Description |
|---|---|
| delete_zone_computer | Deletes the zone computer from Active Directory and from memory. |
| get_zone_computer_field | Returns the value for a specified field from the currently selected zone computer. |
| get_zone_computers | Returns a Tcl list of Active Directory names of all zone computers in the current zone. |
| list_zone_computers | Lists all zone computers along with object data for each computer in stdout. |
| new_zone_computer | Creates a new zone computer and stores it in memory as the currently selected zone computer. |
| save_zone_computer | Saves the selected zone computer with its current settings to Active Directory. |
| select_zone_computer | Retrieves a zone computer from Active Directory and stores it in memory as the selected zone computer. |
| set_zone_computer_field | Sets the value for a specified field in the currently selected zone computer. |
Computer Role Object Management Commands
You can use the following computer role commands to create, select, save, and delete computer role objects and manage computer role properties in the currently selected zone.
| Command | Description |
|---|---|
| create_computer_role | Creates a new computer role in Active Directory. |
| delete_zone | Deletes the selected computer role from Active Directory and memory. |
| get_role_assignments | Returns a Tcl list of user role assignments associated with the selected computer role. |
| get_zone_field | Retrieves the computer group associated with the computer role. |
| list_role_assignments | Lists user role assignments associated with the selected computer role. |
| new_role_assignment | Creates a new role assignment and associates it with the selected computer role. |
| save_zone | Saves the selected computer role with its current settings to Active Directory. |
| select_zone | Retrieves a computer role from Active Directory and stores it in memory as the selected zone for subsequent commands. |
| set_zone_field | Sets the computer group which is associated with the computer role. |
Role Object Management Commands
You can use the following role object commands to create, select, save, and delete role objects and manage role properties in the currently selected zone.
| Command | Description |
|---|---|
| add_command_to_role | Adds a privileged command to the currently selected role. |
| add_pamapp_to_role | Adds a PAM application right to the currently selected role. |
| delete_role | Deletes the selected role from Active Directory and from memory. |
| get_role_apps | Returns a Tcl list of the PAM applications associated with the currently selected role. |
| get_role_commands | Returns a Tcl list of the privileged commands associated with the currently selected role. |
| get_role_field | Returns the value for a specified field from the currently selected role. |
| get_roles | Returns a Tcl list of roles in the current zone. |
| list_role_rights | List all privileged commands and PAM applications associated with the currently selected role in stdout. |
| list_roles | Lists all roles in the currently selected zone along with object data for each role in stdout. |
| new_role | Creates a new role and stores it in memory as the currently selected role. |
| remove_command_from_role | Removes a privileged command from the currently selected role. |
| remove_pamapp_from_role | Removes a PAM application from the currently selected role. |
| save_role | Saves the selected role with its current settings to Active Directory. |
| select_role | Retrieves a role from Active Directory and stores it in memory as the selected role. |
| set_role_field | Sets the value for a specified field in the currently selected role. |
Role Assignment Object Management Commands
You can use the following role assignment object commands to create, select, save, and delete role assignment objects and manage role assignment properties in the currently selected zone.
| Command | Description |
|---|---|
| delete_role_assignment | Deletes the selected role assignment from Active Directory and from memory. |
| get_role_assignment_field | Returns the value for a specified field from the currently selected role assignment. |
| get_role_assignments | Returns a Tcl list of role assignments in the current zone. |
| list_role_assignments | Lists all role assignments along with object data for each role assignment in stdout. |
| new_role_assignment | Creates a new role assignment and stores it in memory as the currently selected role assignment. |
| save_role_assignment | Saves the selected role assignment with its current settings to Active Directory. |
| select_role_assignment | Retrieves a role assignment from Active Directory and stores it in memory as the selected role assignment. |
| set_role_assignment_field | Sets the value for a specified field in the currently selected role assignment. |
PAM Application Object Management Commands
You can use the following PAM application commands to create, select, save, and delete PAM application objects and manage PAM application properties in the currently selected zone.
| Command | Description |
|---|---|
| delete_pam_app | Deletes the selected PAM application from Active Directory and from memory. |
| get_pam_apps | Returns a Tcl list of PAM applications in the current zone. |
| get_pam_field | Returns the value for a specified field from the currently selected PAM application. |
| list_pam_apps | List all PAM applications along with object data for each PAM application in stdout. |
| new_pam_app | Creates a new PAM application and stores it in memory as the currently selected PAM application. |
| save_pam_app | Saves the selected PAM application with its current settings to Active Directory. |
| select_pam_app | Retrieves a PAM application from Active Directory and stores it in memory as the selected PAM application. |
| set_pam_field | Sets the value for a specified field in the currently selected PAM application. |
Command (dz) Object Management Commands
You can use the following privileged authorization commands to create, select, save, and delete privileged UNIX command and manage command properties in the currently selected zone.
| Command | Description |
|---|---|
| delete_dz_command | Deletes the selected command from Active Directory and from memory. |
| get_dz_commands | Return a Tcl list of commands in the current zone. |
| get_dzc_field | Returns the value for a specified field from the currently selected command. |
| list_dz_commands | List all privileged commands along with object data for each command in stdout. |
| new_dz_command | Creates a new command and stores it in memory as the currently selected command. |
| save_dz_command | Saves the selected command with its current settings to Active Directory. |
| select_dz_command | Retrieve a privileged command from Active Directory and stores it in memory as the selected command. |
| set_dzc_field | Sets the value for a specified field in the currently selected command. |
NIS Map Object Management Commands
You can use the following NIS map commands to create, select, save, and delete NIS maps and manage NIS map entries and properties in the currently selected zone.
| Command | Description |
|---|---|
| add_map_entry | Adds an entry to the currently selected NIS map. |
| add_map_entry_with_comment | Adds an entry with comments to the currently selected NIS map. |
| delete_map_entry | Removes an entry from the currently selected NIS map. |
| delete_nis_map | Deletes the selected NIS map from Active Directory and from memory. |
| get_nis_map | Returns a Tcl list of the entries in the currently selected NIS map. |
| get_nis_map_field | Returns the value for a specified field from the currently selected NIS map. |
| get_nis_map_with_comment | Returns a Tcl list of the entries with their comments in the currently selected NIS map. |
| get_nis_maps | Returns a Tcl list of NIS maps in the current zone. |
| list_nis_map | Lists the NIS map entries from the currently selected NIS map in stdout. |
| list_nis_map_with_comment | Lists the NIS map entries and comments from the currently selected NIS map in stdout. |
| list_nis_maps | List all NIS maps in the currently selected zone in stdout. |
| new_nis_map | Creates a new NIS map and stores it in memory as the currently selected NIS map. |
| save_nis_map | Saves the selected NIS map with its current entries to Active Directory. |
| select_nis_map | Retrieves a NIS map from Active Directory and stores it in memory as the selected NIS map. |
Active Directory Object Management Commands
You can use the following Active Directory commands to create, select, save, and delete NIS maps and manage NIS map entries and properties in the currently selected zone.
| Command | Description |
|---|---|
| add_object_value | Adds a value to a multi-valued field attribute of the currently selected Active Directory object. |
| delete_object | Deletes the selected Active Directory object from Active Directory and from memory. |
| delete_sub_tree | Deletes an Active Directory object and all of its children. |
| get_object_field | Returns the value for a specified field from the currently selected Active Directory object. |
| get_object_field_names | Returns a Tcl list of the field names for each of the fields attributes associated the currently selected Active Directory object. |
| get_objects | Performs an LDAP search of Active Directory and returns a Tcl list of the distinguished names of matching objects. |
| new_object | Creates a new Active Directory object and stores it in memory as the currently selected Active Directory object. |
| remove_object_value | Removes a value from a multi-valued field attribute of the currently selected Active Directory object. |
| save_object | Saves the selected Active Directory object with its current settings to Active Directory. |
| select_object | Retrieves an object with its attributes from Active Directory and stores it in memory as the selected Active Directory object. |
| set_object_field | Sets the value for a specified field in the currently selected Active Directory object. |
Utility Commands
You can use the following utility commands retrieve and convert data from format to format, manipulate distinguished names, and manage group membership and user passwords.
| Command | Description |
|---|---|
| dn_from_domain | Converts a domain’s dotted name to a distinguished name (DN) format. |
| dn_to_principal | Searches Active Directory for a DN and, if found, returns the corresponding UPN. |
| domain_from_dn | Converts a domain’s distinguished name (DN) to a dotted name format. |
| get_group_members | Returns a Tcl list of members in a group. |
| get_parent_dn | Returns the parent of an LDAP path (a distinguished name): it removes the first element of the DN and returns the rest. |
| get_pwnam | Searches the etc/passwd file for a UNIX user name and, if found, returns a Tcl list of the passwd profile values associated with the user. |
| get_rdn | Returns the relative DN of an LDAP path: it returns only the first element of the supplied DN. |
| get_schema_guid | finds a class or attribute in Active Directory and returns its globally unique identifier (GUID) |
| getent_passwd | Returns a Tcl list of all entries in the local /etc/passwd file. |
| joined_get_user_membership | Uses adclient to query Active Directory and returns a Tcl list of groups that a user belongs to. |
| joined_name_to_principal | Uses adclient to search for a UNIX name and return the security principal associated with that UNIX name. |
| joined_user_in_group | Uses adclient to check Active Directory to see if a user is in a group. |
| move_object | Moves the selected object to the specified location. |
| principal_from_sid | Searches Active Directory for an SID and returns the security principal associated with the SID. |
| principal_to_dn | Searches Active Directory for a user principal name (UPN) and, if found, returns the corresponding DN. |
| rename_object | Renames the selected object. |
| set_user_password | Sets an Active Directory user’s password. |
| sid_to_escaped_string | Converts an Active Directory security identifier (SID) to an escaped string. |
| sid_to_uid | Converts an Active Directory SID to a user ID (UID). |
Security Descriptor Commands
You can use the following security descriptor commands modify SDs and make them readable by humans.
| Command | Description |
|---|---|
| add_sd_ace | Adds an access control entry to a security descriptor. |
| explain_sd | Converts a security description in SDDL format to a human-readable form. |
| remove_sd_ace | Removes an access control entry (ACE) from a security descriptor. |
| set_sd_owner | Sets the owner of a security descriptor. |
