[Samba] Script to reset group memberships...
Rowland Penny
rpenny at samba.org
Wed Oct 4 15:22:18 UTC 2017
On Wed, 4 Oct 2017 16:53:19 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Hello! Rowland Penny via samba
> On that day it was said...
>
> > No need to do that, just use 'samba-tool user disable'
>
> Ahem, Rowland, *I* *NEED* that.
>
> For internal policies, users that leave my organization have to be
> 'sanitized', and on detail, memberships have to be reset.
>
>
> So, apart from some complex scripting, is there some way to do that? If
> complex scripting has to be used, what will be the best 'path' to
> achieve the result?
>
>
> Thanks.
>
Ah, you said disable, when you meant 'delete'.
You can do this with 'samba-tool user delete username'.
This will delete the user and the user's membership of groups,
i.e.
dn: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
......
member: CN=username,CN=Users,DC=samdom,DC=example,DC=com
Will become:
dn: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
.............
member: CN=username\0ADEL:f2fcc083-f6fa-4878-973f-b2a4f2a043e2,CN=Deleted Object
Then when the tombstone lifetime comes around, the record will
disappear.
This is standard for AD, you cannot totally remove the record in one
move, but for all intents and purposes, the records are deleted.
Rowland
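
Added example (not part of the original message, and not Samba project code): a Python check over LDIF group records in the form shown above that separates live member links from ones rewritten to the deleted-object form (\0ADEL:<GUID>), so an offboarding audit can confirm no live link remains. The sample LDIF, the Staff group, the GUID and the full CN=Deleted Objects container DN are constructed for illustration.

```python
import re

# Deleted-object RDN: original name, escaped newline (\0A), "DEL:", then the objectGUID.
DEL_RDN = re.compile(r"^CN=(?P<name>.*?)\\0ADEL:(?P<guid>[0-9a-fA-F-]{36}),")

# Constructed sample (not real data); the second line is a folded LDIF continuation.
SAMPLE = r"""dn: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
member: CN=username\0ADEL:00000000-0000-0000-0000-000000000001,CN=Deleted Obj
 ects,DC=samdom,DC=example,DC=com

dn: CN=Staff,CN=Users,DC=samdom,DC=example,DC=com
member: CN=username,CN=Users,DC=samdom,DC=example,DC=com
member: CN=other,CN=Users,DC=samdom,DC=example,DC=com
"""

def unfold(ldif):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def audit_members(ldif, username):
    """Return {group_dn: {"live": [dn], "deleted": [(name, guid)]}} for one account."""
    report, group = {}, None
    for line in unfold(ldif):
        if line.startswith("dn: "):
            group = line[4:]
            report[group] = {"live": [], "deleted": []}
        elif line.startswith("member: ") and group:
            value = line[8:]
            m = DEL_RDN.match(value)
            if m:
                if m["name"].lower() == username.lower():
                    report[group]["deleted"].append((m["name"], m["guid"].lower()))
            elif value.lower().startswith(f"cn={username.lower()},"):
                report[group]["live"].append(value)
    return report

def still_linked(report):
    """Groups where the account still holds a live (non-deleted) member link."""
    return sorted(g for g, r in report.items() if r["live"])

if __name__ == "__main__":
    print(still_linked(audit_members(SAMPLE, "username")))
```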