## Report Users with UID >= 1000

I decided to take a more complex approach with this task than would be necessary on a "standard" Linux installation to make the script more robust. It still has some tweaks that would need to be made on a University domain-joined computer (namely, checking the `lastlog` command and only printing users who have actually logged in, depending on the purpose of the report, since otherwise it would include _all_ accounts, as LDAP user providers usually handle authorization independently of user enumeration and authentication). However, for smaller lists of centralized users, or for a system that makes heavy use of ephemeral users managed by `systemd`, this script will work.

I did this mainly because I use centralized authentication on my personal computers, so I wanted to make sure I didn't provide a script that wouldn't even function on my own computers. It is, admittedly, less valuable to parse `getent passwd` enumeration when working with a large number of users in the central auth server.

However, what I see as the main purpose of a report like this -- getting a list of people who can log into a server -- would be better accomplished on a system with LDAP authentication by checking the LDAP settings on said server and doing a manual LDAP search based on those settings. That way, you wouldn't have to filter out all the users that are not allowed to log in (and will be blocked at the authorization stage by the PAM `account` LDAP module) but can still be resolved.

As for some design decisions I made...

I use `awk` to do the filtering, rather than a shell `if` statement, because I'm already using it to format the output. The `cut` command would work for extracting the fields, but can't format the output in one go like `awk` can. In an older version of the script, I do loop through the lines with a shell `for` loop and filter them with `if`, but I was still formatting it with `awk`.

I ended up with a one-liner after simplifying the script from a `for` loop. Ultimately, because `awk` operates on lines rather than whole input, I decided that it would make more sense to send it the entire output of `getent` rather than one line at a time.

I also filter out the `nobody` user as it exists on every Linux system and would likely not have relevance to the person asking for this report. However, if it is still desired to be included, re-adding it to the report would be trivial; simply remove the `grep` command from the pipe.