[Samba] Domain members not matching

Rowland Penny rpenny at samba.org
Tue Jan 3 19:45:08 UTC 2023

On 03/01/2023 19:04, Mark Foley via samba wrote:
> When I run samba-tool group listmembers "Domain Computers" I get a (correct) list of domain
> members.
> However, when I look at Active Directory Users and Computer on a Windows 10 workstation, I get
> a similar, but different list. Some which appear on the samba-tool list are missing altogether,
> some have different names and some on the WIN10 list are not on the samba-tool list (nor should
> they be).

Nested groups ???

A user (a computer is a special user) can be a member of a group by 
being a member of group that is a member of the group. This something 
that Samba does not do in the same way as Windows (how do deep do you go 
?), but if samba-tool shows a user as a member of a group, then Windows 
should also do the same, but not necessarily in reverse.

> Any idea why the mismatch? The samba-tool list is correct. The WIN10 list is not.
> Normally I remove a domain member via the ADUC program, but the member I want to remove now is
> not listed there. It is listed with samba-tool. How do I remove a domain member using
> samba-tool?

By 'remove', I take it you mean remove a computer from the domain, if 
so, then it is easy, 'net ads leave'


More information about the samba mailing list