[Samba] samba-tool group removemembers, not working
Mark Foley
mfoley at ohprs.org
Tue May 28 19:31:00 UTC 2019
On Tue, 28 May 2019 11:04:01 +0200 Denis Cardon <dcardon at tranquil.it> wrote:
> Hi Mark,
>
> > Because of other issues using ADUC, I tried to remove a domain member using:
> >
> >> samba-tool group removemembers "Domain Computers" MARKA\$
> > Removed members from group Domain Computers
> >
> > As shown, it say it "Removed members", but ...
> >
> >> samba-tool group listmembers "Domain Computers"
> > :
> > LABRAT$
> > :
> > OHPRSSTORAGE$
> > MARKA$
> > :
> > COMMON$
> > :
> >
> > listmembers still shows the computer as a member of "Domain Computers". What's up with this?
>
> "Domain Computers" is the primaryGroupID of AD joined computer (515).
> The computer object is a member not because it is listed in the group
> membership, but because of its primaryGroupID attribute. If you want to
> get it out of "domain computers", you have to change that attribute to
> something else.
>
> You can test with a different group than "Domain computers" or "Domain
> computers", it will work as intended.
>
> I admit that the message is misleading though. By the way, why do you
> want to remove that computer from "Domain Computers" group?
>
> Cheers,
>
> Denis
>
> >
> > Samba Version 4.8.2
> >
> > THX --Mark
> >
>
Denis if all you say is true, "misleading" is wildly understated. You say I can test with
different groups other than "Domain Computer". I'm not sure where I would even begin since,
well, this *is* a Domain Computer. I've included my list of groups (samba-tool group list)
below. Do you have a suggestion where a domain member computer might really be? I've done a
listmembers of each of these groups and the only one in which I find MARKA is "Domain
Computers".
Incoming Forest Trust Builders
Network Configuration Operators
Domain Guests
Domain Controllers
Domain Computers
Group Policy Creator Owners
Replicator
Cert Publishers
Account Operators
Event Log Readers
Enterprise Admins
Cryptographic Operators
Schema Admins
Performance Log Users
Backup Operators
Domain Admins
Allowed RODC Password Replication Group
Print Operators
Server Operators
DnsAdmins
Certificate Service DCOM Access
Users
IIS_IUSRS
Denied RODC Password Replication Group
Performance Monitor Users
Remote Desktop Users
DnsUpdateProxy
Pre-Windows 2000 Compatible Access
HPRS Remote Desktop Users
Windows Authorization Access Group
Enterprise Read-Only Domain Controllers
Guests
Read-Only Domain Controllers
Terminal Server License Servers
Distributed COM Users
HPRS Redirected Folders
Administrators
RAS and IAS Servers
Domain Users
> --
> Denis Cardon
> Tranquil IT
> 12 avenue Jules Verne (Bat. A)
> 44230 Saint Sébastien sur Loire (FRANCE)
> tel : +33 (0) 240 975 755
> http://www.tranquil.it
>
> Tranquil IT recrute! https://www.tranquil.it/nous-rejoindre/
> Samba install wiki for Frenchies : https://dev.tranquil.it
> WAPT, software deployment made easy : https://wapt.fr
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list