samba - Jan 2023 - Domain members not matching

When I run samba-tool group listmembers "Domain Computers" I get a
(correct) list of domain
members.

However, when I look at Active Directory Users and Computer on a Windows 10
workstation, I get
a similar, but different list. Some which appear on the samba-tool list are
missing altogether,
some have different names and some on the WIN10 list are not on the samba-tool
list (nor should
they be).

Any idea why the mismatch? The samba-tool list is correct. The WIN10 list is
not.

Normally I remove a domain member via the ADUC program, but the member I want to
remove now is
not listed there. It is listed with samba-tool. How do I remove a domain member
using
samba-tool?

--Mark

On 03/01/2023 19:04, Mark Foley via samba wrote:
> When I run samba-tool group listmembers "Domain Computers" I get
a (correct) list of domain
> members.
> 
> However, when I look at Active Directory Users and Computer on a Windows 10
workstation, I get
> a similar, but different list. Some which appear on the samba-tool list are
missing altogether,
> some have different names and some on the WIN10 list are not on the
samba-tool list (nor should
> they be).
Nested groups ???

A user (a computer is a special user) can be a member of a group by 
being a member of group that is a member of the group. This something 
that Samba does not do in the same way as Windows (how do deep do you go 
?), but if samba-tool shows a user as a member of a group, then Windows 
should also do the same, but not necessarily in reverse.
> 
> Any idea why the mismatch? The samba-tool list is correct. The WIN10 list
is not.
> 
> Normally I remove a domain member via the ADUC program, but the member I
want to remove now is
> not listed there. It is listed with samba-tool. How do I remove a domain
member using
> samba-tool?
By 'remove', I take it you mean remove a computer from the domain, if 
so, then it is easy, 'net ads leave'

Rowland