[Samba] Samba 4 Restrict User Create

Marc Muehlfeld mmuehlfeld at samba.org
Fri Nov 14 11:24:00 MST 2014

Hello Greg,

Am 14.11.2014 um 06:33 schrieb Greg Zartman:
> Is it possible to restrict where users can be created in a Samba 4 AD
> Domain?

You can use directory ACLs and delegations in ADUC, to set permissions
on the domain/OUs/etc.

> What if I want to restrict user creation to only the server where samba is
> running?

This isn't very specific. Can you give a concrete example, please?

If you are talking about a Samba AD DC: All AD users are stored inside
the AD. With that, they are domain/forest wide available - depending on
your Member Server/client configuration.

If you're talking about local users on Member Server: This is already
limited. Use privileges to define who is allowed to create local
accounts on Members.


More information about the samba mailing list