From SambaWiki
Revision as of 21:19, 19 April 2011 by TheresaHalloran (talk | contribs)


This wiki page will document the current externals of the samba-tool command with proposed changes to be made for consistency and usability.

The proposed format for all new / existing functions on the samba-tool command are as follows:

samba-tool <object> <action> <options>

Current commands listed in in samba 4 Version 4.0.0alpha15-GIT-b12fbc2

samba-tools current commands:

Object Description Parameters Options Proposed Changes
acl get or set acls on a file nt(file), ds(directory object) add options
domainlevel Raises domain and forest function level show or raise add options
drs various directory replication services bind, kcc, replicate, showrepl, options add options
enableaccount enable a user username Change to user enableaccount to be consistent with object action
export Dumps kerberos keys of the domain into a keytab keytab Change to keytab export to be consistent with object action
fsmo Makes the target DC transfer or seize fsmo role (server connection needed) show, transfer, seize Add options
group Add or delete groups or add members to or remove members from a group add, delete, addmembers, removemembers
gpo2 List group policies listall or list
join Join a domain as either a member or a backup domain controller (server connection required) dns domain add options Change command to DOMAIN [JOINDC JOINRODC, JOINMEMBER, options] so consistent with object action format.
not sure is the object of the join a domain?
ldapcmp compare two ldap databases URL1, URL2 add options Change to split into ldap compare.
machinepw get machine PW out of SAM Change to password machine show
newuser combine function with user create
pwsettings Sets password settings show or set
password set or change password, user re-write into python
code similar to gpo to tell me local or not
add machinepw to this command: password machine show
setexpiry Sets the expiration of a user account [username] add options Change to user setexpiry [username]?
setpassword set user password locally, need write access to ldb files Use password command
combine both commands local and remote into one external
time Retrieve the time on a remote server (server connection needed) [server-name] Change format
user create or delete a user create, delete options Add enable, add setexpiry?
vampire Join and synchronise a remote AD domain to the local server (server connection needed) domain hmmm...