A Basic Guide to Four Different ETAUTIL Processes

Article By: Adarian Dunmeyer

ETAUTIL is a command line utility that allows users to run commands directly to the Provisioning Server in order to perform functions without the User Interface of Provisioning Manager. When necessary, it is possible to automate this function whenever there is a new endpoint onboarded into your Identity Manager Solution, such as Symantec Identity Manager. It is also especially useful for performing repetitive and time-consuming tasks. Below, we’ve put together four different sets of instructions for ETAUTIL-based operations to streamline basic identity management processes including:

  • How To Assign Dynamic Endpoints to Account Templates using ETAUTIL
  • How To Explore Unix Endpoint Account OUs using ETAUTIL
  • How To Explore Unix Endpoint Group OUs using ETAUTIL
  • How To Assign Provisioning Roles to Dynamic Account Templates using ETAUTIL

Prerequisites

  • The Provisioning Role and Account Template must exist inside the Provisioning Server.
  • The Provisioning Manager must be installed.

Needs to Know

  • The syntax for running the etautil is etautil [-n] [-d domain] [-u user [-p password]] [-y password-file] -DYN [options] control_statements
  • n Verifies the syntax of the command you entered, without executing the command
  • -d domain Specifies the name of the provisioning domain. The default domain is “im”
  • -u user Specifies the global user name for authentication. 
  • -p password Specifies the password of the named global user for authentication. Cannot be specified with –y password_file option. 
  • -y password-file Specifies a file name that contains a global user password. Cannot be specified with –p password option.
  • DYN is for Dynamic connectors or endpoints.
  • options Includes any of the following: 
    • -f filename Reads the control statements in the indicated file and executes them. Use semicolons (;) to delimit multiple control statements. 
    • -I Invokes the etautil interactive mode, which lets you enter control statements at the prompt. (Use <Ctrl+D> or <Enter> to terminate the interactive mode). 
    • -o Displays operation details to stdout. See the section Obtain Operation Details. 
    • -h Displays etautil help. 
  • control statements tell etautil the procedures to carry out; this is the request that is sent to the Provisioning Server. Use semicolons to delimit multiple control statements in a single etautil command. The following are control statements:
    • Add
    • Copy/Copyall
    • Delete
    • Explore
    • MassChange
    • Report
    • Update

How To Assign Dynamic Endpoints to Account Templates using ETAUTIL

Task 1 – Run the ETAUTIL command

  1. Open the command prompt interface (cmd.exe for Windows, shell prompt for Unix).
  2. Navigate to the “bin” Directory of the Provisioning Manager install directory.
    1. Windows Default path: C:\Program Files (x86)\CA\Identity Manager\Provisioning Manager\bin
    2. Unix Default path: /opt/CA/IdentityManager/ProvisioningManager/bin
  3. Run the following command to assign the endpoint to the template:
    1. etautil.exe” -d im -u <user> -p <password> -DYN -o add ‘eTDYNPolicyContainerName=DYN Policies,eTNamespaceName=<Endpoint Type>’ eTDYNPolicy eTDYNPolicyName='<TemplateName>’ in ‘eTNamespaceName=<Endpoint Type>,dc=im’ eTDYNDirectory eTDYNDirectoryName=<EndpointName>;

How To Explore Unix Endpoint Account OUs using ETAUTIL

Task 1 – Run the ETAUTIL command

  1. Open the command prompt interface (cmd.exe for Windows, shell prompt for Unix).
  2. Navigate to the “bin” Directory of the Provisioning Manager install directory.
    1. Windows Default path: C:\Program Files (x86)\CA\Identity Manager\Provisioning Manager\bin
  3. Run the following command to explore the Unix Endpoint Account OU: 
    1. etautil.exe -d im -u <user> -p <password> -DYN -o explore ‘eTDYNAccountContainerName=Accounts,eTDYNDirectoryName=<EndpointName>,eTNamespaceName=UNIX v2’ eTDYNAccount list eTExploreUpdateEtrust

How To Explore Unix Endpoint Group OUs using ETAUTIL

Task 1 – Run the ETAUTIL command

  1. Open the command prompt interface (cmd.exe for Windows, shell prompt for Unix).
  2. Navigate to the “bin” Directory of the Provisioning Manager install directory.
    1. Windows Default path: C:\Program Files (x86)\CA\Identity Manager\Provisioning Manager\bin
  3. Run the following command to explore the Unix Endpoint Group OU: 
    1. etautil.exe -d im -u <user> -p <password> -DYN -o explore ‘eTDYNAccountContainerName=Groups,eTDYNDirectoryName=<EndpointName>,eTNamespaceName=UNIX v2’ eTDYNGroup list eTExploreUpdateEtrust

How To Assign Provisioning Roles to Dynamic Account Templates using ETAUTIL

Task 1 – Run the ETAUTIL command

  1. Open the command prompt interface (cmd.exe for Windows, shell prompt for Unix).
  2. Navigate to the “bin” Directory of the Provisioning Manager install directory.
    1. Windows Default path: C:\Program Files (x86)\CA\Identity Manager\Provisioning Manager\bin
    2. Unix Default path: /opt/CA/IdentityManager/ProvisioningManager/bin
  3. Run the following command to assign the role to the template:
    1. etautil.exe -d im -u etaadmin -p [email protected] -DYN -o add ‘eTDYNPolicyContainerName=DYN Policies,eTNamespaceName=<Endpoint Type>’ eTDYNPolicy eTDYNPolicyName='<TemplateName>’ in ‘eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im’ eTRole eTRoleName='<RoleName>’;

Looking for additional help with ETAUTIL? ISX Consulting is an elite IAM security firm that offers boundless expertise in a range of cybersecurity and business process services, including Symantec Identity Manager and general identity management. Take your interoperability to the next level, and contact an ISX consultant today.

ISXA Basic Guide to Four Different ETAUTIL Processes

Leave a Reply

Your email address will not be published. Required fields are marked *