Samba Active Directory

1.5.1.1 Using Samba Active Directory

Here is a list of terminal commands that are useful for interacting with Samba Active Directory.


1. Check your domain basics first

Make sure you’re on the AD DC itself and Samba is running in AD mode:

samba-tool domain info localhost

You should see domain name, SID, forest level, etc.


2. Managing users

List users

sudo samba-tool user list

Create a user

sudo samba-tool user create alice

With more control:

sudo samba-tool user create alice 'Str0ngP@ss!' \
    --given-name=Alice \
    --surname=Smith \
    --mail-address=alice@example.com

Enable / disable a user

sudo samba-tool user disable alice

sudo samba-tool user enable alice

Delete a user

samba-tool user delete alice

Reset a password

sudo samba-tool user setpassword alice

Or non-interactively (the password then appears in shell history and the process list):

sudo samba-tool user setpassword alice --newpassword='N3wP@ss!'

Show user details

samba-tool user show alice


3. Managing groups

List groups

samba-tool group list

Create a group

samba-tool group add it-admins

Delete a group

samba-tool group delete it-admins

Show group details

samba-tool group show "Domain Admins"


4. Managing group membership

Add a user to a group

samba-tool group addmembers it-admins alice

Multiple users:

samba-tool group addmembers it-admins alice bob charlie

Remove a user from a group

samba-tool group removemembers it-admins alice

List group members

samba-tool group listmembers it-admins


5. Organizational Units (OUs)

List OUs

samba-tool ou list

Create an OU

samba-tool ou create "OU=Servers,DC=example,DC=com"

Move a user into an OU

samba-tool user move alice "OU=Staff,DC=example,DC=com"


6. User account policies (password rules)

Show current policy:

samba-tool domain passwordsettings show


Example: enforce stronger passwords

samba-tool domain passwordsettings set \
    --min-pwd-length=12 \
    --complexity=on \
    --history-length=24 \
    --max-pwd-age=90


7. Admin & privileged groups (important ⚠️)

Common built-in groups:


  • Domain Admins – full control
  • Enterprise Admins – forest-wide
  • Account Operators – manage users/groups
  • Server Operators – manage DCs


Add a user to Domain Admins:

samba-tool group addmembers "Domain Admins" alice
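
Because membership of these groups grants domain-wide control, it is worth checking it regularly against an approved list. The following is an added example, not part of the original page: a POSIX shell check built on samba-tool group listmembers. The function names, the SAMBA_TOOL variable and the one-allow-list-file-per-group layout are assumptions.

```shell
#!/bin/sh
# Added example: report members of privileged groups that are not approved.
# Assumption: SAMBA_TOOL defaults to the samba-tool on PATH and can be overridden.
SAMBA_TOOL="${SAMBA_TOOL:-samba-tool}"

# unexpected_members ALLOWLIST_FILE
# stdin: one account name per line, as "samba-tool group listmembers" prints.
# stdout: every name that is absent from the allow-list file.
unexpected_members() {
    allow="$1"
    # Drop CRs and blank lines; account names compare case-insensitively.
    tr -d '\r' | sed '/^[[:space:]]*$/d' |
    while IFS= read -r member || [ -n "$member" ]; do
        grep -qixF -- "$member" "$allow" || printf '%s\n' "$member"
    done
}

# audit_privileged_groups ALLOWLIST_DIR
# Expects ALLOWLIST_DIR/<group name>.allow for each group (hypothetical layout).
# Returns 1 if a group has an unapproved member, cannot be read, or has no
# allow-list, so a broken check never looks like a clean result.
audit_privileged_groups() {
    dir="$1"
    rc=0
    for group in "Domain Admins" "Enterprise Admins" \
                 "Account Operators" "Server Operators"; do
        allow="$dir/$group.allow"
        if [ ! -f "$allow" ]; then
            echo "NO ALLOW-LIST for $group ($allow)"; rc=1; continue
        fi
        if ! members=$("$SAMBA_TOOL" group listmembers "$group"); then
            echo "CANNOT LIST $group"; rc=1; continue
        fi
        extra=$(printf '%s\n' "$members" | unexpected_members "$allow")
        if [ -n "$extra" ]; then
            printf '%s\n' "$extra" | sed "s|^|UNEXPECTED in $group: |"
            rc=1
        fi
    done
    return "$rc"
}

# Usage (path is a placeholder): audit_privileged_groups /path/to/allowlists
```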