[Samba] How to provision many users with unix Attributes without RSAT

Rowland Penny rowlandpenny at googlemail.com
Fri Jan 23 02:37:40 MST 2015

On 23/01/15 08:36, Luis Sanchez wrote:
> Hi,
> I would like to provision a huge number of users to a Samba AD/DC and I
> would like to have the unix attributes set too. I don't want to use the
> RSAT GUI and manually set each.
> Is there any tool or script I can use to get that?
> I have identified some attributes in the AD that are added when I set unix
> attributes with RSAT GUI. However there must be more changes...
> These are the attributes:
> msSFU30Name:
> msSFU30NisDomain:
> loginShell:
> gidNumber:
> uid:
> uidNumber:
> unixHomeDirectory:
> unixUserPassword::
> I don't know how the unixUserPassword is obtained.
> The uid and uidNumber must be unique afaik, but there must be a last used
> uid or something... If I add the unix attributes manually without the RSAT
> GUI (the uid is the next free one) when I run the RSAT GUI on another user
> it chooses a uid already used.
> Thank you!
> Best regards.

You can do this with ldbmodify by writing your own script.

I also think that you are getting a bit mixed up over 'uid' & 
'uidNumber'. The 'uid' attribute should contain what is in 
'sAMAccountName' and uidNumber is a unique number to identify the user 
on Unix.

'unixUserPassword' will for the present contain 'ABCD!efgh12345$67890', 
this is the default if unix password sync is not enabled and at present 
you cannot enable it on a Samba AD DC.

You also need to know about a couple more attributes 
'msSFU30MaxUidNumber' & 'msSFU30MaxGidNumber', these attributes hold the 
next available 'uidNumber' & 'gidNumber' and both start from '10000' if 
you use ADUC. These attributes do not exist as standard and will need to 
be created, they need to be added to 


More information about the samba mailing list