[Samba] samba-tool modifying AD

Rowland Penny rpenny at samba.org
Fri Aug 26 21:06:58 UTC 2016


On Sat, 27 Aug 2016 08:33:02 +1200
Andrew Bartlett <abartlet at samba.org> wrote:

> On Mon, 2016-08-22 at 09:21 +0100, Rowland Penny via samba wrote:
> > On Mon, 22 Aug 2016 13:38:06 +1200
> > Andrew Bartlett via samba <samba at lists.samba.org> wrote:
> > 
> > > 
> > > On Sat, 2016-08-20 at 18:29 -0700, David Bear via samba wrote:
> > > > 
> > > > Is it possible to use the samba-tool to create/update user accounts
> > > > in a standard windows AD domain ?
> > > 
> > > Yes.
> > > 
> > > Andrew Bartlett
> > > 
> > 
> > Well, yes, you can create new users with samba-tool, but update
> > them, that would be a very big NO
> 
> Rowland,
> 
> What breaks specifically for you?  The tools are expected to manage a
> Windows server in the same way as a Samba one, for operations
> performed over LDAP.  If there is a difference in the behaviour, we
> should be logging a bug and testing for that.
> 
> Given your comments presumably you have hit such an issue?
> 
> Thanks,
> 
> Andrew Bartlett
> 

Andrew, you know that whilst you can create a user with samba-tool,
even adding the RFC2307 attributes whilst creating the user, you cannot
add the RFC2307 attributes to a user created on ADUC with samba-tool,
you also cannot change individual attributes with samba-tool.

You also know that I proposed patches to allow samba-tool to add the
RFC2307 attributes and they came to nothing. 

I even told you that Windows 10 doesn't have IDMU, so there is no way
to add RFC2307 attributes from win10, apart from attribute by attribute.

What do you suggest now?

Rowland


