The easiest way to administrate a Samba Domain and Active Directory is by using Microsofts RSAT (Remote Server Administration Tools) on a Windows workstation.
"samba-tool" already contains many features for common administration jobs, but compared with the RSAT, it is still missing many options. Another big advantage of using RSAT is that it increases the available documentation (books, online, etc.), because it's the same way that Windows administrators are doing the tasks.
- Windows 10 build >= 9926: http://www.microsoft.com/en-us/download/details.aspx?id=45520
- Install RSAT using the downloaded installer.
- Open „Programs and Features“ (use the startmenu/metro search to locate the tool).
- Click to „Turn Windows features on or off“.
- Depending on the administrative tasks you want to perform, you choose which features to install. The following are recommended options to be installed for Samba AD backends:
- Feature explanation:
- Group Policy Management Tools: Provides Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor)
- Active Directory Module for Windows PowerShell: Administrating AD via PowerShell. See https://technet.microsoft.com/de-de/library/dd378937%28v=ws.10%29.aspx
- AD DS Tools: Provides Active Directory Users and Computers (ADUC) MMC snap-in
- Server for NIS Tools: Adds the „UNIX Attributes“ tab to ADUC objects properties (required for RFC2307 administration!)
- DNS Server tools: Provides the DNS MMC Snap-in for remote DNS management.
- Remote Desktop Services Tool: Extends user properties in ADUC with several tabs about RDP settings and installs MMC Snap-ins for RDP server administration.
- After clicking „OK“, the features are getting activated and can be found in the „Administrative tools“ menu. If not found there, start "mmc.exe" and add the required snap-ins via "File" / "Add/Remove Snap-in...".
Enabling the „Advanced Features“ view
Most of the RSAT tools hide content and menu options in their default setting. To enable all features and display the whole content in each program, go to the „View“ menu and activate „Advanced Features“. Typically this option is only visible, when you've marked the root of the tree view. E. g. in ADUC, you see the option in the „View“ menu only when you have clicked to the „Active Directory Users and Computers“ node.
Reporting incompatibilities and problems
If you encounter any problems using the Microsoft tools for administrating your Active Directory, please report a bug
Byside the problem description, please attach a level 10 debug log and if possible a network capture. A great help it is also, if you could provide a network capture against a Microsoft Server, to compare.