[Samba] Disabling or deleting domain "Administrator" account

Denis Cardon dcardon at tranquil.it
Mon Jun 17 09:32:57 UTC 2019

Hi Jonathon,
> A client is asking about disabling, deleting or renaming the domain
> "Administrator" account on a Samba AD. I've seen this done on Windows
> AD domains for security purposes.

administrator account is not nominative, and as such should not be used. 
So disabling it and creating personal domain admin (for example 
jdoe-adadm, different from the delegated admin account jdoe-adm, and 
different from the personal account jdoe) is recommended.

> Assuming the risk of being locked-out is mitigated (i.e. an equivalent
> user is created and is a member of the same groups), is there any
> reason this can't be done on a Samba AD as well?

like Andrew was saying, Samba-AD has an advantage here in the sense that 
Samba is just a service above your Linux OS (or whatever OS you are 
using). So if you need to re-enable it at some point, you can always ssh 
to the box and re-enable it.



> Is the "Administrator" account used for anything "special" that would
> cause problems if the account were disabled, deleted, or renamed?
> Thank you,
> Jonathon Reinhart

Denis Cardon
Tranquil IT
12 avenue Jules Verne (Bat. A)
44230 Saint Sébastien sur Loire (FRANCE)
tel : +33 (0) 240 975 755

Tranquil IT recrute! https://www.tranquil.it/nous-rejoindre/
Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr

More information about the samba mailing list