Are there any command line options available to know the (user)account type?

[Rowland Penny]

On Fri, 16 Feb 2018 23:04:36 +0100
Ralph Böhme via samba-technical <samba-technical at lists.samba.org> wrote:

> On Fri, Feb 16, 2018 at 08:01:09PM +0000, Hemanth Thummala via
> samba-technical wrote:
> > Correct. Looks like that’s the only authoritative way to identify a
> > machine account. We are able to get this information using
> > ldapsearch query using anonymous bind.  But, we would like to know
> > if this ldapsearch anonymous bind works all the time to query for
> > “SamAccountType” attribute for any user account. Is there a
> > possibility that this anonymous check can be blocked by placing any
> > restrictions on the Active Directory objects?
> 
> duno, but on a member server why not bind with machine trust account
> credentials and use net ads search:
> 
> # net ads search -P cn=NAME sAMAccountType
> 
> ?
> 
> -slow
> 

The thing to check for is the '$' on a computers samaccountname, you
can do it with wbinfo:

root at dc3:~# wbinfo -i dc3
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user dc3

Okay user not found, so it either doesn't exist or is a computer

root at dc3:~# wbinfo -i dc3$
SAMDOM\dc3$:*:3000055:10000::/home/SAMDOM/dc3_:/bin/false

Yes, it's a computer.

root at dc3:~# wbinfo -i rowland
SAMDOM\rowland:*:10000:10000::/home/SAMDOM/rowland:/bin/false

This appears to be a user

root at dc3:~# wbinfo -i rowland$
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user rowland$

This proves it isn't a computer

Rowland