[Samba] Howto set/reset/reaad computer account password with samba-4.9.x examples?

Denis Cardon dcardon at tranquil.it
Thu Jan 17 07:45:53 UTC 2019

Hi Oliver,

Le 01/16/2019 à 10:03 PM, Oliver Rath via samba a écrit :
> Hi list,
> I want to perform a domain join of a computer to a given machine account
> with reusing it, not overwriting. For this I think, it is the right way
> (for a unattend.xml) to use the <machinePassword> described here:
> https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-unattendedjoin-identification#child-elements
> in the new feature list of samba 4.9.x is written "The 'samba-tool
> computer' command allow manipulation of computer accounts including
> creating a new computer and resetting the password. This allows an
> 'offline join' of a member server or workstation to the Samba AD domain."

There has been a thread on the samba-technical mailing list about 
djoin.exe et al. You may take a look at it :


You'll need both a way to create/reset the account (and get the clear 
text shared secret), then re-inject it on the domain member in the 
secrets.tdb file.



> Unfortunatly I dont find any example for
>   * resetting the password (the "setpassword" from user command doesnt
>     work, maybe simply --password?)
>   * creating a computer with a given machine password (maybe simply
>     --password,too ?)
>   * reading the machine password from AD (there i found some old variant
>     which didnt work, tested with Win81-clients)
>   * perform an offline join with a previously given/read-from-ad machine
>     password
> Is this possible, some examples anywhere?
> Tfh!
> Oliver

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0)

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr

More information about the samba mailing list