i'm searching for a way to get information about all our users and their groups. Especially in source this seems not to be so easy. So i tried the commandline:
and i get many, many users, but not all. Why? Which parameter prevents user "A" from being shown by "aa users", and user B not?
Second try: i dont know whether the group "everyone" is an out-of-the-box-group in integrity or not, but all of our users are members of this group. So i thought i could use this line:
aa groups --member everyone
but i didnt get any user. Why?
With any other group i get a full list of members of this group, but since not every user is in every group this is a mess.
i get another list of users, but i know that it cannot be a complete list. This list has less members than the list from "aa users", but there are members shown by "im users" which are not shown by "aa users". ??? I dont know what i can believe?
Is there any hidden parameter for "aa users" or "aa groups" to show me all users with one commandline? At the moment we retrieve all users from all groups and parse these lists afterwards. So i'm asking myself why we have a expensive tool with a more expensive database in the back and then we have to do such queriing outside of this tool with batches, excel and so on? Or is it a misconfiguration?
thanks in andvance, Jens
My understanding is that:
aa userslists all users that are currently active in the backing authenticating realm(s).
im userslists all users that have used Workflows and Documents (IM), or which have been manually imported in the admin GUI from an authentication realm.
everyone is a special default out-of-the-box group that includes all users and cannot be edited. I'm not sure why it does not list all users on the server when
aa groups --member everyone is run (I get the same behavior in 10.4).
im users is only going to give a full list if every user is imported in the im user/group cache. If you don't run Source Integrity (SI), you could use it to show a list of all users who have ever used or been imported into the im user/group cache, but the utility of that is narrow, and probably not what you are looking for.
I'll dig a little further when I get a chance.
thanks for your answer. With aa users i did not even get my username, and i know that my user is active and in the backing realm . Yesterday i've compared the output of different commands, and between "aa users" i got ~ 2500 users. The sum of all users found by "im users" is ~2000 users. But: the overlap of this two lists (at the same realm) is not more then 500! Practically both lists has to be wrong. I cant see which command i have to use to get a real and serious output.
BTW: we're using SI too, and i cant say how much it annoys me, that there is not even a command like "si users".
I gave these questions to your support, but i didnt get an answer yet.
kind regards, Jens