Are there any command line options available to know the (user)account type?
Hemanth Thummala
hemanth.thummala at nutanix.com
Fri Feb 16 22:41:32 UTC 2018
Rowland,
Actually, this is just a convenience available by default to search the machine accounts. Admins can create the users or group SamAccountname ending with dollar and make them to be part of Domain computers group.
Checking for $ or checking the primary group as “Domain computers” helps most of the scenarios. But it’s still not authoritative.
-Hemanth.
On 16/02/18, 2:30 PM, "samba-technical on behalf of Rowland Penny via samba-technical" <samba-technical-bounces at lists.samba.org on behalf of samba-technical at lists.samba.org> wrote:
On Fri, 16 Feb 2018 23:04:36 +0100
Ralph Böhme via samba-technical <samba-technical at lists.samba.org> wrote:
> On Fri, Feb 16, 2018 at 08:01:09PM +0000, Hemanth Thummala via
> samba-technical wrote:
> > Correct. Looks like that’s the only authoritative way to identify a
> > machine account. We are able to get this information using
> > ldapsearch query using anonymous bind. But, we would like to know
> > if this ldapsearch anonymous bind works all the time to query for
> > “SamAccountType” attribute for any user account. Is there a
> > possibility that this anonymous check can be blocked by placing any
> > restrictions on the Active Directory objects?
>
> duno, but on a member server why not bind with machine trust account
> credentials and use net ads search:
>
> # net ads search -P cn=NAME sAMAccountType
>
> ?
>
> -slow
>
The thing to check for is the '$' on a computers samaccountname, you
can do it with wbinfo:
root at dc3:~# wbinfo -i dc3
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user dc3
Okay user not found, so it either doesn't exist or is a computer
root at dc3:~# wbinfo -i dc3$
SAMDOM\dc3$:*:3000055:10000::/home/SAMDOM/dc3_:/bin/false
Yes, it's a computer.
root at dc3:~# wbinfo -i rowland
SAMDOM\rowland:*:10000:10000::/home/SAMDOM/rowland:/bin/false
This appears to be a user
root at dc3:~# wbinfo -i rowland$
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user rowland$
This proves it isn't a computer
Rowland
More information about the samba-technical
mailing list