The easiest way to administer an Active Directory is by using Microsofts RSAT (Remote Server Administration Tools) on a Windows machine.
"samba-tool" already contains many features for common administration jobs, but compared with the RSAT, it is still missing many options. Another big advantage of using RSAT, it increases the available documentation (books, online, etc.), because it's the common way Windows administrators are doing these tasks.
- Windows 10: https://www.microsoft.com/en-us/download/details.aspx?id=45520 (See Note about RSAT for Windows 10 - Server for NIS Tools)
- Install RSAT using the downloaded installer
- Open "Programs and Features" (use the "Start Menu/Metro search to locate the tool).
- Open "Turn Windows features on or off"
- Depending on the administrative tasks you want to perform, you choose the features to install. The following are recommended options to be installed for Samba Active Directory installations:
- Feature explanation:
- Group Policy Management Tools: Provides Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor)
- Active Directory Module for Windows PowerShell: Administrating AD via PowerShell. See https://technet.microsoft.com/de-de/library/dd378937%28v=ws.10%29.aspx
- AD DS Tools: Provides Active Directory Users and Computers (ADUC) MMC snap-in
- Server for NIS Tools: Adds the "UNIX Attributes" tab to ADUC objects properties for easy RFC2307 administration. Windows 10 users, see Note about RSAT for Windows 10 - Server for NIS Tools
- DNS Server tools: Provides the DNS MMC Snap-in for remote DNS management
- Remote Desktop Services Tool: Extends user properties in ADUC with several tabs about RDP settings and installs MMC Snap-ins for RDP server administration
- Click "OK" to activate the features. They can be found in the "Administrative tools" menu. If not found there, start "mmc.exe" and add the required snap-ins via "File" / "Add/Remove Snap-in...".
Enabling the "Advanced Features" view
Most of the RSAT tools hide content and menu options in their default setting. To enable all features and display the whole content in each program, go to the "View" menu and activate "Advanced Features". Typically this option is only visible, when you've marked the root of the tree view. E. g. in ADUC, you see the option in the "View" menu only when you have clicked to the "Active Directory Users and Computers" node.
Note about RSAT for Windows 10 - Server for NIS Tools
RSAT on Windows 10 doesn't ship the "Server for NIS Tools" any more. This means you don't have the "Unix attributes" tab in "Active Directory User and Computer" (ADUC) properties windows any more for filling those attributes in a form. However you can still edit the attributes via the "Attributes" tab in the ADUC properties (requires the advanced features option enabled). In the following, we list the attributes, that were filled by the fields on the "Unix Attributes" tab of previous RSAT versions:
- NIS Domain: msSFU30NisDomain
- UID: uidNumber
- Logon Shell: loginShell
- Home Directory: unixHomeDirectory
- Primary group name/GID: primaryGroupID
- NIS Domain: msSFU30NisDomain
- GID (Group ID): gidNumber
Note: This way requires manual tracking and incrementing the last used UID/GID!
Reporting incompatibilities and problems
If you encounter any problems using the Microsoft tools for administrating your Active Directory, please report a bug
As well as the problem description, please attach a level 10 debug log and if possible a network capture. It would also be a great help if you can provide a network capture against a Microsoft Server as comparison.