Cfengine 3 example active_directory.html
#########################################################################
#
#   active_directory.cf - Extract Data From Windows Domain Controllers
#
#   NOTE: Since we don't supply any credentials in this policy file,
#         the Domain Controller must allow anonymous bind. Also,
#         the user "NT AUTHORITY\ANONYMOUS LOGON" must be granted access
#         to the resources we want to read.
#
#########################################################################

bundle agent active_directory
{
vars:
# NOTE: Edit this to your domain, e.g. "corp", may also need more DC's after it
  "domain_name" string => "cftesting";
  "user_name"    string => "Guest";

  
# NOTE: We can also extract data from remote Domain Controllers

dummy.DomainController::
  "domain_controller"  string => "localhost";

  "userlist"    slist => ldaplist(
                                  "ldap://$(domain_controller)",
                                  "CN=Users,DC=$(domain_name),DC=com",
                                  "(objectClass=user)",
                                  "sAMAccountName",
                                  "subtree",
                                  "none");

classes:

dummy.DomainController::

   "gotuser" expression => ldaparray(
                                    "userinfo",
                                    "ldap://$(domain_controller)",
                                    "CN=$(user_name),CN=Users,DC=$(domain_name),DC=com",
                                    "(name=*)",
                                    "subtree",
                                    "none");

								  
reports:
dummy.DomainController::
  "Username is \"$(userlist)\"";

dummy.gotuser::
  "Got user data; $(userinfo[name]) has logged on $(userinfo[logonCount]) times";

}