[Samba] Maintaining Unix Attributes in AD - best practice?

Rowland Penny rpenny at samba.org
Thu May 24 18:45:46 UTC 2018


On Thu, 24 May 2018 12:12:54 +0200
Henry Jensen via samba <samba at lists.samba.org> wrote:

> Hello,
> 
> we are testing migration from a NT style Samba 3 domain to a Samba 4
> AD domain. As we are keeping RFC2307 Unix Attributes in the AD we also
> want to add them to future accounts.
> 
> Because the Unix Attributes tab is no lopnger available since Windows
> 10, I am looking for the best way to add Unix attibutes to users. 
> 
> I know that setting Unix attributes in Windows 10 ADUC tool is
> possible manually, but certainly not the best way. And keeping a
> Windows 7 station with RSAT tools online isn't the best solution
> either, especially when security support for Windows 7 runs out in
> 2020.
> 
> So, what would be the best was to add Unix attributes to AD? 
> I read on this list, that adding AD users with "samba-tool
> --uid-number" is discouraged.

Where did you read that ??
Of course you can use samba-tool, there are just two problems:
The first is that you cannot ADD posix attributes with 'samba-tool
user', you have to create the user with the attributes in the first
place. The second is, you have to track the uidNumber & gidNumber
attributes yourself, there is no automatic way of doing this. You could
always 'add' the two missing attributes and then write your own script
around 'samba-tool user create'

Rowland



More information about the samba mailing list