Are there any command line options available to know the (user)account type?

Hemanth Thummala hemanth.thummala at nutanix.com
Fri Feb 16 22:41:32 UTC 2018


Rowland,

Actually, this is just a convenience available by default to search the machine accounts. Admins can create the users or group SamAccountname ending with dollar and make them to be part of Domain computers group.
Checking for $ or checking the primary group as “Domain computers” helps most of the scenarios. But it’s still not authoritative. 

-Hemanth.

On 16/02/18, 2:30 PM, "samba-technical on behalf of Rowland Penny via samba-technical" <samba-technical-bounces at lists.samba.org on behalf of samba-technical at lists.samba.org> wrote:

    On Fri, 16 Feb 2018 23:04:36 +0100
    Ralph Böhme via samba-technical <samba-technical at lists.samba.org> wrote:
    
    > On Fri, Feb 16, 2018 at 08:01:09PM +0000, Hemanth Thummala via
    > samba-technical wrote:
    > > Correct. Looks like that’s the only authoritative way to identify a
    > > machine account. We are able to get this information using
    > > ldapsearch query using anonymous bind.  But, we would like to know
    > > if this ldapsearch anonymous bind works all the time to query for
    > > “SamAccountType” attribute for any user account. Is there a
    > > possibility that this anonymous check can be blocked by placing any
    > > restrictions on the Active Directory objects?
    > 
    > duno, but on a member server why not bind with machine trust account
    > credentials and use net ads search:
    > 
    > # net ads search -P cn=NAME sAMAccountType
    > 
    > ?
    > 
    > -slow
    > 
    
    The thing to check for is the '$' on a computers samaccountname, you
    can do it with wbinfo:
    
    root at dc3:~# wbinfo -i dc3
    failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
    Could not get info for user dc3
    
    Okay user not found, so it either doesn't exist or is a computer
    
    root at dc3:~# wbinfo -i dc3$
    SAMDOM\dc3$:*:3000055:10000::/home/SAMDOM/dc3_:/bin/false
    
    Yes, it's a computer.
    
    root at dc3:~# wbinfo -i rowland
    SAMDOM\rowland:*:10000:10000::/home/SAMDOM/rowland:/bin/false
    
    This appears to be a user
    
    root at dc3:~# wbinfo -i rowland$
    failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
    Could not get info for user rowland$
    
    This proves it isn't a computer
    
    Rowland
    
    
    
    



More information about the samba-technical mailing list