[Samba] Automating creation of OUs, security groups and GPOs, in Samba AD DC
Mason Schmitt
mason at ftlcomputing.com
Sat Apr 27 00:36:47 UTC 2019
Hello,
I'm trying to automate the creation of several small samba AD DCs, each
with a different domain. Samba tool works fine for creating a brand new
domain, but I haven't seen any functionality for manipulating the directory
structure of a new domain. Specifically, I'd like to automate the creation
of a standard set of OUs, security groups and GPOs. I'm wondering whether
any/all of these three tasks can be accomplished by doing an LDIF export
from an existing DC, changing the 'DC=' entries to match the new domain and
then importing the LDIF?
It has been well over 10 years since I last messed around with command line
LDAP tools, so any hints/suggestions are most welcome!
To clarify, here's a rough example of the directory structure I'm trying to
add and the security groups I want to create:
DC=<Unique domain>
OU=AD Users
CN=front_office # each of these is a domain global security group
CN=managers
CN=engineers
OU=AD Computers
OU=PCs
OU=Servers
OU=AD Resources
CN=fs_shared_modify # each of these is a domain local security
group
CN=fs_archive_ro
CN=pr_colour
CN=pr_bw
As for GPOs, I want to have a standard set of GPOs that are loaded into
sysvol and linked to the appropriate OUs in the above structure. Again, I
can create, by hand, using RSAT, all of the GPOs I want, but I'm not sure
whether/how I can export->modify->import into a new domain.
Thanks!
--
Mason
More information about the samba
mailing list