Home » linux-commands » How to manage Samba4 AD-DC using command line

How to manage Samba4 AD-DC using command line

This article will describe you how to manage Samba4 AD-DC using command line, such like add, remove, disable, enable or listing users and groups.

We’ll additionally take a glance on a way to manage domain security policy and the way to bind AD users to native PAM authentication so as for AD users to be able to perform native logins on UNIX operating system Domain Controller.
Samba AD DC are often managed through samba-tool program line utility that offers an excellent interface for administrating your domain.
With the assistance of samba-tool interface you’ll directly manage domain users and teams, domain cluster Policy, domain sites, DNS services, domain replication and different essential domain functions.
How to fix the /bin/rm: Argument list too long error
[root@rp-addc ~]# samba-tool -h
Usage: samba-tool
Main samba administration tool.
-h, –help show this help message and exit
Version Options:
-V, –version Display version number
Available subcommands:
dbcheck – Check local AD database for errors.
delegation – Delegation management.
dns – Domain Name Service (DNS) management.
domain – Domain management.
drs – Directory Replication Services (DRS) management.
dsacl – DS ACLs manipulation.
fsmo – Flexible Single Master Operations (FSMO) roles management.
gpo – Group Policy Object (GPO) management.
group – Group management.
ldapcmp – Compare two ldap databases.
ntacl – NT ACLs manipulation.
processes – List processes (to aid debugging on systems without setproctitle).
rodc – Read-Only Domain Controller (RODC) management.
sites – Sites management.
spn – Service Principal Name (SPN) management.
testparm – Syntax check the configuration file.
time – Retrieve the time on a server.
user – User management.
visualize – Produces graphical representations of Samba network state
For more help on a specific subcommand, please type: samba-tool (-h|–help)

To create a new domain user.
[root@rp-addc ~]#samba-tool user create gajendra.singh
Create an user with several command options.
[root@rp-addc ~]#samba-tool user add gajendra.singh –given-name=Gajendra –surname=Singh –mail-address=gajendra@linuxpcfix.com –login-shell=/bin/bash.
You can list all users using execute by following command.

[root@rp-addc ~]#samba-tool user list

To delete a samba user using following command.

[root@rp-addc ~]#samba-tool user delete gajendra.singh

Reset password of samba a user by executing following command.

[root@rp-addc ~]#samba-tool user setpassword gajendra.singh

Enable and disable a samba user by performing following command.

[root@rp-addc ~]# samba-tool user disable gajendra.singh
[root@rp-addc ~]# samba-tool user enable gajendra.singh

To manage samba group use the following command.

[root@rp-addc ~]# samba-tool group add account

Delete a samba domain group by performing following command:

[root@rp-addc ~]# # samba-tool group delete sales

To list all domain groups using below command.

#samba-tool group list

To list all domain members in a particular group.

[root@rp-addc ~]# samba-tool group listmembers it
[root@rp-addc ~]#

To add and remove a member in particular group use the below command.

[root@rp-addc ~]# samba-tool group addmembers it jitendra.choudhary
Added members to group it

To review samba domain password policy and settings.

[root@rp-addc ~]# samba-tool domain passwordsettings show
Password informations for domain ‘DC=linuxpcfix,DC=rpn’
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 42
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30

In order to modify password policy of you samba domain use following steps and command.

[root@rp-addc ~]#samba-tool domain passwordsettings set –complexity=off
Password complexity deactivated!
[root@rp-addc ~]#samba-tool domain passwordsettings set –history-length=0
All changes applied successfully!
[root@rp-addc ~]#samba-tool domain passwordsettings set –min-pwd-age=0
Minimum password age changed!
All changes applied successfully!
[root@rp-addc ~]#samba-tool domain passwordsettings set –max-pwd-age=0
Maximum password age changed!
All changes applied successfully!
[root@rp-addc ~]#samba-tool domain passwordsettings set –min-pwd-length=4
Minimum password length changed!
All changes applied successfully!

If you are planning to configure SAMBA 4 AD-DC on Centos then follow the below link


I am founder and webmaster of www.linuxpcfix.com and working as a Sr. Linux Administrator (Expertise on Linux/Unix & Cloud Server) and have been in the industry since more than 14 years.

Leave a Reply

Your email address will not be published. Required fields are marked *


Time limit is exhausted. Please reload the CAPTCHA.

Categorized Tag Cloud