Solved: mgmt_cli show dns-domains & show-membership not wo...

durd_ · ‎2025-10-14

Hi,

I'm trying to read out group memberships for DNS Domain objects using mgmt_cli and API version 1.9.1, but I'm not getting out any 'groups' even for objects that are confirmed used in groups via SmartConsole. This is from a domain in an MDS-system, but "show hosts details-level full show-membership true" works, so I'm assuming this isn't an MDS limitation.

I'm running the command below, referenced from API documentation:

mgmt_cli show dns-domains details-level full show-membership true --session-id $CPAPI_SID -f json

Is it only me or is it a bug?

I don't have an v2+ API to test this on yet.

I'm dreading going through all groups and finding dns-domain objects from there 😛

Thanks!

Bob_Zimmerman · ‎2025-10-14

It accepts the key, but doesn't change anything about the returned data. The objects simply don't get a 'groups' key. You're right, this looks like a bug. It's easy enough to work around by using where-used, though:

mgmt_cli -f json -d <CMA> -r true where-used uid <Object UUID> | jq '."used-directly".objects[].name'

View solution in original post

_Val_ · ‎2025-10-14

Try without advanced flags and tell us if it makes any difference:

mgmt_cli show dns-domains

durd_ · ‎2025-10-14

I appreciate the help!

I get the first 50 of the DNS Domain objects with your command, but no group memberships of the objects. Below are some tests and comparison to "show hosts".

export CPAPI_SID=$(mgmt_cli -r true login domain <domain> -f json | jq -r '.sid')

# no group memberships of DNS Domain objects
mgmt_cli show dns-domains --session-id $CPAPI_SID
Ex:
- uid: "67ecbdd2-xyz-481b-9711-7a1ad69d8fdb"
  name: ".confirmed-member-of-group.example.com"
  type: "dns-domain"
  domain:
    uid: "1e294ce0-xyz-11e3-aa6e-0800200c9a66"
    name: "Global"
    domain-type: "global domain"
  icon: "Objects/domain"
  color: "violet red"

# no group memberships of DNS Domain objects
mgmt_cli show dns-domains show-membership true --session-id $CPAPI_SID

# no group memberships of DNS Domain objects
mgmt_cli show dns-domains details-level full show-membership true --session-id $CPAPI_SID

# no group memberships of Host objects
mgmt_cli show hosts show-membership true --session-id $CPAPI_SID

# group memberships of Host objects
mgmt_cli show hosts details-level full show-membership true --session-id $CPAPI_SID

I'm very sure I need "details-level full" to get group membership output.

I saw an invite to a R82 lab, I have try it later on though, I'm on 15% battery >_<.

the_rock · ‎2025-10-14

I am POSITIVE that if anyone would know answer to this, its @Bob_Zimmerman

Andy

Best,
Andy

the_rock · ‎2025-10-14

I did command Val suggested and that worked.

Andy

Best,
Andy

Bob_Zimmerman · ‎2025-10-14

It accepts the key, but doesn't change anything about the returned data. The objects simply don't get a 'groups' key. You're right, this looks like a bug. It's easy enough to work around by using where-used, though:

mgmt_cli -f json -d <CMA> -r true where-used uid <Object UUID> | jq '."used-directly".objects[].name'

durd_ · ‎2025-10-20

Thank you for tip with where-used and UUID, and confirming that I'm not losing my mind 🙂

I'm sorry that I have not tried the R82 lab yet. Is it worth raising a ticket for the r81.20 API?

Bob_Zimmerman · ‎2025-10-20

Sure. R81.20 is still supported. It behaves the same on R82 jumbo 41, though. That's where I tested.

Are you a member of CheckMates?

mgmt_cli show dns-domains & show-membership not working