IT Connect

Information technology tools and resources at the UW

Verifying UW NetIDs

This document discusses how you might take a list of usernames and verify whether they are existing, active UW NetIDs or not. This document assumes you might want to do that using an existing Windows domain as the source of your usernames. The tools discussed below assume you have access to a Windows computer which can authenticate with the central NETID Windows domain (either via a trust or delegated OU).

The Tools

domainUsersToFile.exe is an executable you can run which will generate a list of all the usernames in the Windows domain of the computer you run it from. If desired, you can exclude disabled users.

verifyUsernamesAreUwnetids.exe is an executable that when run by any NETID domain user will report whether each username in the file generated by domainUsersToFile is valid or not. In this context, valid means there is a UW NetID with Kerberos services enabled. A sample domainUsersToFile.txt file is included (which you should edit/replace).

When used in conjunction, these two tools allow you to vet your existing Windows domain users against the central NETID Windows domain to see which users might need to have a UW NetID created.

DomainUsersToFile Usage

Usage: domainUsersToFile.exe [disabled=N]

This executable will create an output file of domainUsersToFile.txt in whatever directory the executable is in. That file will have one username per line.

If you’d like to exclude disabled user accounts from the output, include the “disabled=N” parameter.

VerifyUsernamesAreUwnetids Usage

Usage: verifyUsernamesAreUwnetids.exe [groupsync|validonly]

This executable requires that you execute it using a netid.washington.edu domain user account. If you don’t, then all usernames will come back as invalid. If you are in a Windows domain that trusts netid.washington.edu, you can either login interactively or use the runAs functionality.

This executable takes as input a domainUsersToFile.txt file in whatever directory the executable is in. That file is assume to have one username per line.

This executable will create an output file of verifyUsernamesAreUwnetids.txt in whatever directory the executable is in. That file will have output in the following format:

5/26/2010 9:27:18 AM
UW Windows Infrastructure Verify Usernames Are UW NetIDs Utility – Version 1.3
(c) 2010 University of Washington

——-
nebulaadm : NOT valid
barkills : valid
jmorris : valid
deb : valid
a_sophos_emlib : NOT valid
venture : NOT valid

Additionally, all invalid usernames will be output to the console, and a count of the number of valid and invalid usernames.

Optionally, you can specify one of 3 arguments:

  • groupsync
  • validonly
  • invalidonly

An optional argument of groupsync which will create an output file of groupSyncUserMapping.xml in the directory the executable is in. That file is in XML formatting and might be used to import Windows domain groups to the UW Groups Service, and includes every invalid user from your Windows domain. You’d need to find a way to use this file yourself. If you do use that file, you will need to manually edit the groupSyncUserMapping.xml to denote the correct UW NetID to map each of your invalid users to.

An optional argument of validonly will result in the verifyUsernamesAreUwnetids.txt file including only the valid usernames, like so:

UW Windows Infrastructure Verify Usernames Are UW NetIDs Utility – Version 1.3
(c) 2010 University of Washington

——-
barkills
jmorris
deb

An optional argument of invalidonly will result in the verifyUsernamesAreUwnetids.txt file including only the invalid usernames, like so:

UW Windows Infrastructure Verify Usernames Are UW NetIDs Utility – Version 1.3
(c) 2010 University of Washington

——-
nebulaadm
a_sophos_emlib
venture

Source code available upon request.