It’s possible to get a list of users of active users in IDM/IPA with formatted date and time by running this one liner command. It gets you the list of users with last successsful authentications to IDM/IPA server. Very handy command when it’s required for Audit purposes. It will also give you the list of users who last changed password and you can modify it according to your requirements.

Run the following commands to get the following

To get list of active users

# ipa user-find --all --raw | grep -iE '(dn:|krbLastSuccessfulAuth)' | cut -d ',' -f1 | cut -d: -f2 |  sed -re 's/([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]+)Z/\3-\2-\1 \4:\5:\6/' 

Output:

[user@idm ~]$ ipa user-find --all --raw | grep -iE '(dn:|krbLastSuccessfulAuth)' | cut -d ',' -f1 | cut -d: -f2 |  sed -re 's/([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]+)Z/\3-\2-\1 \4:\5:\6/'
uid=admin
 09-03-2016 15:25:16
 uid=faizan.ahmed
 01-03-2016 08:17:17
 uid=farooq.ahmed
 09-03-2016 16:47:26
 uid=spacewalk.user
 01-02-2016 16:10:29
 uid=vadmin
 29-02-2016 15:16:31
 uid=vcsa.user
 09-03-2016 14:23:29

To get list of users who last changed their password

# ipa user-find --all --raw | grep -iE '(dn:|krblastpwdchange)' | cut -d ',' -f1 | cut -d: -f2 |  sed -re 's/([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]+)Z/\3-\2-\1 \4:\5:\6/'

Output:

[user@idm ~]$ ipa user-find --all --raw | grep -iE '(dn:|krblastpwdchange)' | cut -d ',' -f1 | cut -d: -f2 |  sed -re 's/([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]+)Z/\3-\2-\1 \4:\5:\6/'
 uid=admin
 29-12-2015 10:55:53
 uid=faizan.ahmed
 01-03-2016 08:16:40
 uid=farooq.ahmed
 29-12-2015 12:16:05
 uid=spacewalk.user
 01-02-2016 15:57:03
 uid=vadmin
 24-02-2016 23:30:17
 uid=vcsa.user
 09-03-2016 14:22:18

 And so forth as required you can change the krb command.

That’s it and please do let us know via Contact Us if you come across any issues.