[Samba] Best way to access the AD database from scripts

Prunk Dump prunkdump at gmail.com
Thu Feb 4 09:50:05 UTC 2021

Hello Samba Team and users !

I wrote some scripts that interoperate with samba to manage users,
groups and some other AD objects. Everything works fine and I now want
to improve performance.

So I would like to know what is the best way in terms of performance
to read user/group/ou informations :
-> as domain controller
-> as domain member

It would be great also if the access has no latency. For example, as a
domain controller, wbinfo sometimes continues to give user information
just after deleting the user with samba-tool.

Is this better to use :

ldbsearch and access to sam.ldb directly ?
samba-tool ?
winbind with wbinfo ?
winbind with nsswitch tools : uid, getent, ... ?
the ldap:// protocol ?
the samba python library ?
net command ?
other ?

Thanks if someone can help me !



More information about the samba mailing list