All,

Occasionally some of our app teams work with external auditors that wish to verify proper login access to servers.

In our older commercial AD integration tool, they'd just run an "access report" which would provide all desired information. I got hit up today to run an access report for sssd-enabled prod servers.

I saw with great interest the "sssctl access-report" command.

# sssctl access-report amer.company.com

Access report not implemented for domains of type ad

Any plans to implement this access-report subcommand for domains of type AD?

No urgency; you can get most of what's needed via

realm list

and

sssctl user-checks <user>

Spike