[Samba] samba-tool group removemembers, not working

Rowland Penny rpenny at samba.org
Tue May 28 20:05:40 UTC 2019


On 28/05/2019 20:31, Mark Foley via samba wrote:
> Denis if all you say is true, "misleading" is wildly understated.  You say I can test with
> different groups other than "Domain Computer".  I'm not sure where I would even begin since,
> well, this *is* a Domain Computer.  I've included my list of groups (samba-tool group list)
> below.  Do you have a suggestion where a domain member computer might really be? I've done a
> listmembers of each of these groups and the only one in which I find MARKA is "Domain
> Computers".
>
Hi Mark, can I ask just what you are trying to achieve?

When you join a computer to the domain a computer object is created in 
cn=Computers,dc=whatever,dc=yourdomain,dc=is

If you examine an object for a computer you will find that there is this:

primaryGroupID: 515

The '515' is the RID for 'Domain Computers'.

What you will not find is the attribute 'memberof' pointing to 'Domain 
Computers'.

Remember that a computer is a special user, that normal users 
are members of 'Domain Users', and that you cannot remove a user from 
'Domain Users'.

When you remove a user from a normal group, what you actually do is to 
delete the user's 'member' attribute from the group's object; this 
automatically removes the 'memberof' attribute from the user's object. 
These types of links are referred to as 'backlinks'. I hope you can see 
that trying to remove a computer from Domain Computers will not work 
because the 'backlinks' do not exist.

Rowland
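
Added example (not part of the message above and not Samba's own code): a simplified model of the two kinds of group linkage described in this reply, resolving primaryGroupID to a group by SID and removing a 'member' link together with its backlink. The example.com domain, the 'Lab PCs' group, the SIDs and all function names are constructed assumptions, and 'memberOf' is stored explicitly here for illustration.

```python
# Constructed sample entries (hypothetical domain and SIDs), not real output.
LDIF = """\
dn: CN=MARKA,CN=Computers,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-1105
primaryGroupID: 515
memberOf: CN=Lab PCs,CN=Users,DC=example,DC=com

dn: CN=Domain Computers,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-515

dn: CN=Lab PCs,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-1201
member: CN=MARKA,CN=Computers,DC=example,DC=com
"""

def parse_ldif(text):
    """Parse simple, unwrapped 'attr: value' LDIF into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name, []).append(value)
        entries[attrs["dn"][0]] = attrs
    return entries

def primary_group_dn(entries, dn):
    """Resolve primaryGroupID (a RID) to the group with SID <domain SID>-<RID>."""
    obj = entries[dn]
    domain_sid = obj["objectSid"][0].rsplit("-", 1)[0]
    wanted = domain_sid + "-" + obj["primaryGroupID"][0]
    return next((g for g, a in entries.items() if a["objectSid"][0] == wanted), None)

def remove_member(entries, group_dn, member_dn):
    """Model of a removal: drop the 'member' link and its 'memberOf' backlink.
    Returns False when the group has no 'member' value for that object."""
    members = entries[group_dn].get("member", [])
    if member_dn not in members:
        return False
    members.remove(member_dn)
    entries[member_dn]["memberOf"].remove(group_dn)
    return True

def effective_groups(entries, dn):
    """Groups reached through memberOf backlinks, plus the primary group."""
    groups = set(entries[dn].get("memberOf", []))
    primary = primary_group_dn(entries, dn)
    return groups | ({primary} if primary else set())
```

In this model the removal from 'Domain Computers' finds no 'member' value to delete, so the computer stays in that group through primaryGroupID, while the removal from the constructed 'Lab PCs' group succeeds.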



