[Samba] Automating creation of OUs, security groups and GPOs, in Samba AD DC

Mason Schmitt mason at ftlcomputing.com
Sat Apr 27 00:36:47 UTC 2019


I'm trying to automate the creation of several small samba AD DCs, each
with a different domain.  Samba tool works fine for creating a brand new
domain, but I haven't seen any functionality for manipulating the directory
structure of a new domain.  Specifically, I'd like to automate the creation
of a standard set of OUs, security groups and GPOs.  I'm wondering whether
any/all of these three tasks can be accomplished by doing an LDIF export
from an existing DC, changing the 'DC=' entries to match the new domain and
then importing the LDIF?

It has been well over 10 years since I last messed around with command line
LDAP tools, so any hints/suggestions are most welcome!

To clarify, here's a rough example of the directory structure I'm trying to
add and the security groups I want to create:

DC=<Unique domain>
    OU=AD Users
        CN=front_office    # each of these is a domain global security group
    OU=AD Computers
    OU=AD Resources
        CN=fs_shared_modify     # each of these is a domain local security

As for GPOs, I want to have a standard set of GPOs that are loaded into
sysvol and linked to the appropriate OUs in the above structure.  Again, I
can create, by hand, using RSAT, all of the GPOs I want, but I'm not sure
whether/how I can export->modify->import into a new domain.




More information about the samba mailing list