The samba-tool user command is a powerful utility provided by Samba for managing user accounts in an Active Directory domain. It offers a wide range of subcommands that allow administrators to add, delete, modify, and query user information, thereby simplifying user administration in mixed Windows/Unix environments.
Using samba-tool user, you can:
- Create new user accounts
- Delete existing accounts
- Modify user attributes
- Rename user accounts
- Manage passwords
- Unlock, disable, or enable accounts
- Display detailed user information
- List all domain users
Below are the common subcommands along with usage examples.
Purpose: Create a new user account in the domain.
Usage:
samba-tool user add <username> [password] [options]
Example:
samba-tool user add jdoe P@ssw0rd --given-name="John" --surname="Doe" --mail-address=jdoe@example.com
This command creates a new user jdoe with the specified password and additional attributes.
Purpose: Remove an existing user account from the domain.
Usage:
samba-tool user delete <username>
Example:
samba-tool user delete jdoe
This removes the user jdoe from the Active Directory.
Purpose: Update properties of an existing user account.
Usage:
samba-tool user modify <username> [attribute options]
Example (setting an expiry date):
samba-tool user setexpiry jdoe 2023-12-31
This sets the password expiry for jdoe to December 31, 2023.
Purpose: Change the username of an existing account.
Usage:
samba-tool user rename <oldusername> <newusername>
Example:
samba-tool user rename jdoe john.doe
This renames the user account from jdoe to john.doe.
Purpose: Assign or update a user's password.
Usage:
samba-tool user setpassword <username>
Example:
samba-tool user setpassword john.doe
This command prompts for a new password for john.doe.
Purpose: Remove a lock from a user account that was locked due to multiple failed logins.
Usage:
samba-tool user unlock <username>
Example:
samba-tool user unlock john.doe
This unlocks the user account john.doe.
Purpose: Control the active status of a user account.
Usage:
- Disable a user:
samba-tool user disable <username>
- Enable a user:
samba-tool user enable <username>
Example:
samba-tool user disable john.doe
samba-tool user enable john.doe
These commands disable and then enable the user john.doe.
Purpose: Display detailed information about a specific user.
Usage:
samba-tool user show <username>
Example:
samba-tool user show john.doe
This displays detailed attributes of the user john.doe, such as SID, account flags, and other properties.
Purpose: Retrieve a list of all user accounts in the domain.
Usage:
samba-tool user list
Example:
samba-tool user list
This command lists all the user accounts available in the domain.
- Attribute Options: When adding or modifying a user, you can supply additional attributes (e.g., --given-name, --surname, --mail-address).
- Scripting and Automation: The commands in samba-tool user are script-friendly, enabling batch operations for large-scale user management.
- Privileges: Operations typically require domain administrator privileges. Ensure you run these commands with appropriate credentials.
- Verification: After performing changes, use samba-tool user show <username> to verify that the modifications are applied as expected.
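An added example (not from the original page or the Samba project) of the batch use described under Scripting and Automation: it creates users from CSV rows with --random-password and --must-change-at-next-login, so that, unlike the samba-tool user add jdoe P@ssw0rd form, no password appears in the process list or shell history. The CSV layout, the username policy and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: batch-create users from CSV rows (username,given,surname,mail)
# without ever placing a password in argv or shell history.
LC_ALL=C; export LC_ALL        # make the a-z ranges below byte-exact
DRY_RUN="${DRY_RUN:-1}"        # 1 = print commands only, 0 = run samba-tool

# Hypothetical naming policy (assumption): starts with a lowercase letter,
# then lowercase letters, digits, '.', '_' or '-', at most 20 characters.
valid_username() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 20 ]
}

# Create one user from a CSV row. The ( ) body runs in a subshell, so the
# parsed variables stay local and 'exit' only leaves this function.
add_user() (
    IFS=, read -r user given surname mail <<EOF
$1
EOF
    valid_username "$user" || { echo "rejected username: $user" >&2; exit 1; }
    set -- user add "$user" --random-password --must-change-at-next-login \
        "--given-name=$given" "--surname=$surname" "--mail-address=$mail"
    if [ "$DRY_RUN" = 1 ]; then
        echo "samba-tool $*"
    else
        # Create, then verify the account exists; stdin is detached so the
        # tool cannot consume the remaining CSV rows.
        samba-tool "$@" </dev/null && samba-tool user show "$user" >/dev/null
    fi
)

process_rows() {
    accepted=0
    while IFS= read -r row; do
        [ -n "$row" ] || continue
        if add_user "$row"; then accepted=$((accepted + 1)); fi
    done
    echo "rows accepted: $accepted"
}

# Constructed sample input (not real accounts); the third row is rejected.
process_rows <<'EOF'
jdoe,John,Doe,jdoe@example.com
asmith,Alice,Smith,asmith@example.com
bad;name,Mallory,X,m@example.com
EOF
```

Set DRY_RUN=0 to execute the commands with domain administrator credentials. Initial passwords can then be assigned with samba-tool user setpassword <username>, which prompts for the password instead of taking it as an argument.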
The samba-tool user command is an essential utility for managing user accounts in a Samba Active Directory environment. It provides comprehensive functionality—from creating and deleting users to managing passwords and modifying account properties—enabling administrators to maintain a secure and well-organized domain. By integrating these subcommands into your administrative workflows, you can efficiently manage user identities in mixed-OS environments.