The easiest way to administer a Samba Domain and Active Directory is by using Microsoft's RSAT (Remote Server Administration Tools) on a Windows workstation.
"samba-tool" already contains many features for common administration jobs, but compared with RSAT, it is still missing many options. Another big advantage of using RSAT is that more documentation (books, online, etc.) applies to your setup, because it is the same way Windows administrators perform these tasks.
- Windows 10: https://www.microsoft.com/en-us/download/details.aspx?id=45520 (See Note about RSAT for Windows 10 - Server for NIS Tools)
- Install RSAT using the downloaded installer.
- Open "Programs and Features" (use the Start menu/Metro search to locate the tool).
- Click "Turn Windows features on or off".
- Depending on the administrative tasks you want to perform, you choose which features to install. The following are recommended options to be installed for Samba AD backends:
- Feature explanation:
- Group Policy Management Tools: Provides the Group Policy MMC snap-ins (Management Tool, Management Editor and Starter GPO Editor).
- Active Directory Module for Windows PowerShell: Administering AD via PowerShell. See https://technet.microsoft.com/de-de/library/dd378937%28v=ws.10%29.aspx
- AD DS Tools: Provides Active Directory Users and Computers (ADUC) MMC snap-in
- Server for NIS Tools: Adds the "UNIX Attributes" tab to the properties of ADUC objects (required for RFC2307 administration!). Windows 10 users, see Note about RSAT for Windows 10 - Server for NIS Tools.
- DNS Server tools: Provides the DNS MMC Snap-in for remote DNS management.
- Remote Desktop Services Tool: Extends user properties in ADUC with several tabs about RDP settings and installs MMC Snap-ins for RDP server administration.
- After clicking "OK", the features are activated and can be found in the "Administrative tools" menu. If they are not found there, start "mmc.exe" and add the required snap-ins via "File" / "Add/Remove Snap-in...".
Enabling the "Advanced Features" view
Most of the RSAT tools hide content and menu options in their default setting. To enable all features and display the whole content in each program, go to the "View" menu and activate "Advanced Features". Typically this option is only visible when you have selected the root of the tree view. For example, in ADUC you see the option in the "View" menu only when you have clicked the "Active Directory Users and Computers" node.
Note about RSAT for Windows 10 - Server for NIS Tools
RSAT on Windows 10 no longer ships the "Server for NIS Tools". This means the "Unix Attributes" tab is no longer available in "Active Directory Users and Computers" (ADUC) for filling in those attributes through a form. However, you can still edit the attributes via the "Attributes" tab in the ADUC properties (requires the "Advanced Features" option to be enabled). The following list shows the attributes that were filled by the fields on the "Unix Attributes" tab of previous RSAT versions:
- NIS Domain: msSFU30NisDomain
- UID: uidNumber
- Logon Shell: loginShell
- Home Directory: unixHomeDirectory
- Primary group name/GID: primaryGroupID
- NIS Domain: msSFU30NisDomain
- GID (Group ID): gidNumber
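The attributes listed above can also be written with the Active Directory Module for Windows PowerShell mentioned earlier. The following is an added example, not part of the original page or of Samba: the function names, account names, ID numbers and NIS domain are constructed placeholders, and the script leaves primaryGroupID untouched. It refuses to assign a uidNumber or gidNumber that another object already holds, since duplicate IDs make two identities indistinguishable on Unix members.

```powershell
# Added example: set RFC2307 attributes without the "Unix Attributes" tab.
# Requires the "Active Directory Module for Windows PowerShell" RSAT feature.
Import-Module ActiveDirectory

function Set-Rfc2307User {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [int]    $UidNumber,
        [Parameter(Mandatory)] [string] $NisDomain,
        [string] $LoginShell    = '/bin/bash',
        [string] $HomeDirectory = "/home/$SamAccountName"
    )
    $user  = Get-ADUser -Identity $SamAccountName
    # Reject a UID that any other directory object already uses.
    $clash = Get-ADObject -LDAPFilter "(uidNumber=$UidNumber)" |
        Where-Object { $_.DistinguishedName -ne $user.DistinguishedName }
    if ($clash) { throw "uidNumber $UidNumber already used by: $($clash.DistinguishedName)" }

    Set-ADUser -Identity $user -Replace @{
        msSFU30NisDomain  = $NisDomain
        uidNumber         = $UidNumber
        loginShell        = $LoginShell
        unixHomeDirectory = $HomeDirectory
    }
    # Read the values back so the change can be reviewed.
    Get-ADUser -Identity $user -Properties msSFU30NisDomain, uidNumber, loginShell, unixHomeDirectory |
        Select-Object SamAccountName, msSFU30NisDomain, uidNumber, loginShell, unixHomeDirectory
}

function Set-Rfc2307Group {         # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [int]    $GidNumber,
        [Parameter(Mandatory)] [string] $NisDomain
    )
    $group = Get-ADGroup -Identity $SamAccountName
    # Only other groups count as a clash here.
    $clash = Get-ADObject -LDAPFilter "(&(objectClass=group)(gidNumber=$GidNumber))" |
        Where-Object { $_.DistinguishedName -ne $group.DistinguishedName }
    if ($clash) { throw "gidNumber $GidNumber already used by: $($clash.DistinguishedName)" }

    Set-ADGroup -Identity $group -Replace @{ msSFU30NisDomain = $NisDomain; gidNumber = $GidNumber }
    Get-ADGroup -Identity $group -Properties msSFU30NisDomain, gidNumber |
        Select-Object SamAccountName, msSFU30NisDomain, gidNumber
}

# Constructed sample values; replace with your own accounts and ID ranges.
Set-Rfc2307Group -SamAccountName 'unixusers' -GidNumber 10000 -NisDomain 'samdom'
Set-Rfc2307User  -SamAccountName 'demo01'    -UidNumber 10001 -NisDomain 'samdom'
```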
Reporting incompatibilities and problems
If you encounter any problems using the Microsoft tools for administering your Active Directory, please report a bug.
As well as the problem description, please attach a level 10 debug log and if possible a network capture. It would also be a great help if you can provide a network capture against a Microsoft Server as comparison.