A linux based Active Directory server can be managed from a Windows client using the Remote System Administration Tool very easily, and it is the convenient way for system administrators with only Microsoft Windows background. But for administrators who love to use the command line, "samba-tool" is a great command line tool to manage Active Directory configured on a Linux Box. Throughout this post and on my future posts I will be showing hands-on examples about using the "samba-tool" command.
User Management using samba-tool
Create a new user using samba-tool
Syntax: samba-tool user create <username> [<password>] [options]
samba-tool user create user1 password --given-name=firstname --surname=surname
The above command will create a new user with the name as user1 and password will be password, you can type your desired password. The options --given-name and --surname are to assign user first name and surname.
To make the user change password at first login add the option --must-change-at-next-login when creating the user
By default samba-tool creates the new user under the Users Organisational Unit, to create the user under a different OU use the option --userou='ou=OUNAME'
Set or reset password of a user
Syntax: samba-tool user setpassword (<username>|--filter <filter>) [options]
samba-tool user setpassword user1
or
samba-tool user setpassword --filter=samaccountname=user1
Both the above commands can be used to set or change password of a user
To force the user change password at next logon add option --must-change-at-next-login
samba-tool user setpassword user1 --must-change-at-next-login
or
samba-tool user setpassword --filter=samaccountname=user1 --must-change-at-next-login
To get detailed help and all the available options to create and manage users run this command
samba-tool user -h
Group Management using samba-tool
Create a new group
Syntax: samba-tool group add groupname [options]
samba-tool group add sales
The command above creates a new group named sales, because there is no options applied the group is created under the default organisational unit Users.
Change the group's OU and other parameters such group type and scope
samba-tool group add sales --groupou='ou=restrict' --group-type=Security --group-scope=Global
The above command creates a group sales under OU "restrict" with group type as security and group scope as global.
Add members to a group
Syntax: samba-tool group addmembers <groupname> <listofmembers> [options]
samba-tool group addmembers sales user1,user2,user3
Syntax: samba-tool group removemembers <groupname> <listofmembers> [options]
samba-tool group removemembers sales user2,user3
The above command removes the user2 and user3 from the group sales
List members of a group
Syntax: samba-tool group listmembers <groupname> [options]
samba-tool group listmembers sales
To get detailed help and all the available options to create and manage groups run this command:
samba-tool group -h
User Management using samba-tool
Create a new user using samba-tool
Syntax: samba-tool user create <username> [<password>] [options]
samba-tool user create user1 password --given-name=firstname --surname=surname
The above command will create a new user with the name as user1 and password will be password, you can type your desired password. The options --given-name and --surname are to assign user first name and surname.
To make the user change password at first login add the option --must-change-at-next-login when creating the user
By default samba-tool creates the new user under the Users Organisational Unit, to create the user under a different OU use the option --userou='ou=OUNAME'
Set or reset password of a user
Syntax: samba-tool user setpassword (<username>|--filter <filter>) [options]
samba-tool user setpassword user1
or
samba-tool user setpassword --filter=samaccountname=user1
Both the above commands can be used to set or change password of a user
To force the user change password at next logon add option --must-change-at-next-login
samba-tool user setpassword user1 --must-change-at-next-login
or
samba-tool user setpassword --filter=samaccountname=user1 --must-change-at-next-login
To get detailed help and all the available options to create and manage users run this command
samba-tool user -h
Group Management using samba-tool
Create a new group
Syntax: samba-tool group add groupname [options]
samba-tool group add sales
The command above creates a new group named sales, because there is no options applied the group is created under the default organisational unit Users.
Change the group's OU and other parameters such group type and scope
samba-tool group add sales --groupou='ou=restrict' --group-type=Security --group-scope=Global
The above command creates a group sales under OU "restrict" with group type as security and group scope as global.
Add members to a group
Syntax: samba-tool group addmembers <groupname> <listofmembers> [options]
samba-tool group addmembers sales user1,user2,user3
Remove members from a group
Syntax: samba-tool group removemembers <groupname> <listofmembers> [options]
samba-tool group removemembers sales user2,user3
The above command removes the user2 and user3 from the group sales
List members of a group
Syntax: samba-tool group listmembers <groupname> [options]
samba-tool group listmembers sales
To get detailed help and all the available options to create and manage groups run this command:
samba-tool group -h
Comments
Post a Comment