[Samba] Script to reset group memberships...

Rowland Penny rpenny at samba.org
Wed Oct 4 15:22:18 UTC 2017


On Wed, 4 Oct 2017 16:53:19 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Hello! Rowland Penny via samba
>   On that day it was said...
> 
> > No need to do that, just use 'samba-tool user disable'
> 
> Ahem, Rowland, *I* *NEED* that.
> 
> For internal policies, users that leave my organization have to be
> 'sanitized', and on detail, memberships have to be reset.
> 
> 
> So, apart from some complex scripting, is there some way to do that? If
> complex scripting has to be used, what will be the best 'path' to
> achieve the result?
> 
> 
> Thanks.
> 

Ah, you said disable, when you meant 'delete'.

You can do this: 'samba-tool user delete username'

This will delete the user and the user's membership of groups.

i.e.

dn: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
......
member: CN=username,CN=Users,DC=samdom,DC=example,DC=com

Will become:

dn: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
.............
member: CN=username\0ADEL:f2fcc083-f6fa-4878-973f-b2a4f2a043e2,CN=Deleted Object

Then when the tombstone lifetime comes around, the record will
disappear.

This is standard for AD, you cannot totally remove the record in one
move, but for all intents and purposes, the records are deleted.

Rowland
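
An added example, not part of the original message or of Samba's own code: an offboarding check that reads an LDIF export of group objects and separates an account's live group links from the deleted-object links (the `\0ADEL:` form shown above). The function names and the sample LDIF are constructed for illustration, and the check assumes the account's CN equals the name being looked up.

```python
import base64
import re

# RDN of a deleted object as shown above: CN=<name>\0ADEL:<objectGUID>,...
# (a base64 LDIF value decodes to a real newline instead of the "\0A" escape).
DEL_RDN = re.compile(r"^CN=(?P<name>.*?)(?:\\0A|\n)DEL:(?P<guid>[0-9a-fA-F-]{36}),")

# Constructed sample: same shape as the records quoted above, plus a made-up
# "Staff" group whose member value is folded onto a continuation line.
SAMPLE_LDIF = r"""dn: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
member: CN=username\0ADEL:f2fcc083-f6fa-4878-973f-b2a4f2a043e2,CN=Deleted Objects,DC=samdom,DC=example,DC=com
member: CN=alice,CN=Users,DC=samdom,DC=example,DC=com

dn: CN=Staff,CN=Users,DC=samdom,DC=example,DC=com
member: CN=username,CN=Users,DC=samdom,
 DC=example,DC=com
"""

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def memberships(ldif, account):
    """Split an account's group links into live ones and deleted-object links."""
    result = {"live": [], "deleted": []}
    group = None
    for line in unfold(ldif):
        attr, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator line or comment without a colon
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if attr.lower() == "dn":
            group = value
        elif attr.lower() == "member" and group:
            m = DEL_RDN.match(value)
            if m and m.group("name").lower() == account.lower():
                result["deleted"].append((group, m.group("guid")))
            elif value.lower().startswith("cn=" + account.lower() + ","):
                result["live"].append(group)
    return result

if __name__ == "__main__":
    print(memberships(SAMPLE_LDIF, "username"))
```

A non-empty "live" list means the account still holds real group links; entries under "deleted" are the links that go away when the tombstone lifetime expires.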



