[Samba] Disabling or deleting domain "Administrator" account

Andrew Bartlett abartlet at samba.org
Mon Jun 17 05:10:36 UTC 2019

On Mon, 2019-06-17 at 01:01 -0400, Jonathon Reinhart via samba wrote:
> Hello,
> A client is asking about disabling, deleting or renaming the domain
> "Administrator" account on a Samba AD. I've seen this done on Windows
> AD domains for security purposes.
> Assuming the risk of being locked-out is mitigated (i.e. an equivalent
> user is created and is a member of the same groups), is there any
> reason this can't be done on a Samba AD as well?

Much less than on windows, because root can always edit the DB to put
it back. 

> Is the "Administrator" account used for anything "special" that would
> cause problems if the account were disabled, deleted, or renamed?

Don't delete it.  It should be fine to disable it and set a randompassword. 

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list