net ads dns register against Samba DC allows what appears to be ordinary users to add DNS names?

Rowland Penny repenny241155 at
Thu Jun 30 16:00:12 UTC 2016

On 30/06/16 16:16, Richard Sharpe wrote:
> Hi folks,
> Using ldbmodify I managed to modify the userAccountControl field of
> the user I added and then used it to to try to add a DNS name.
> Imagine my surprise when I found that an ordinary user can add DNS addresses.
> I am pretty sure that Windows does not allow that.

I am fairly sure they can, I have been using a variant of a script to be 
found here:

And it uses a normal user updating a windows DC


> The samAccountType for the account was 805306368.
> Is there a bug in the Samba DC code there?

More information about the samba-technical mailing list