?icro MEGAS
2014-Oct-27 22:05 UTC
[Samba] 3rd-party tool for creating users as alternative to ADUC
Hello list,

I am using the Microsoft ADUC (Active Directory Users & Computers) tool from the RSAT suite for creating and modifying my domain users. I am aware of the "copy" functionality which really is very nice to use. Unfortunately I am missing two important actions during the user-creation process which I try to describe:

1.) When I use the template feature (by using the "Copy..." user) command, the settings of the tab [Unix Attribute] cannot be copied to the new user created. So after I copied/created the new user, I have manually to open him, choose the [UNIX attribute] tab, then click on the "NIS-domain" field to choose/active MYDOM from the pull-down list. By doing so I am able to assign a uid to that user and thus allow my member server winbind process to enumerate that particular user so he is able to access shares on my member server.

It would be really awesome if this step could be done magically without extra intervention.

2.) Let's say I am creating the user "John Doe". During the creation process, in the [Profile] tab I can choose to connect the home share of that particular user, for example: "Connect Z:\ to \\membersrv1\home\%username%" after I click the [OK] or [Apply] button, the ADUC tool automatically is creating on-the-fly the directory "\\membersrv1\home\johndoe" which works fine. That is a neat feature but in my opinion it has one big disadvantage ==> the directory .\johndoe on the given share is created with the owner name of the user that is logged-in and using the ADUC tool. In that example, the owner of the directory "\\membersrv1\home\it-admin1" is "it-admin1". If I would have used "smbmap" feature and thus would have mapped it-admin1 to the root account, the owner of that new automatically created directory would be "root". In conclusion, that is very normal and I did expect that behaviour. ADUC provides this feature, but I would like to have the "owner = johndoe" in that case. ADUC cannot perform that, I understand it, so I would have to do a "chown johndoe /srv/samba/home/johndoe" to get the desired result.

Is there any 3rd-party AD-user-tool available which could solve the mentioned points?

Mirco.
Rowland Penny
2014-Oct-27 22:26 UTC
[Samba] 3rd-party tool for creating users as alternative to ADUC
On 27/10/14 22:05, ?icro MEGAS wrote:
> Hello list,
>
> I am using the Microsoft ADUC (Active Directory Users & Computers) tool from the RSAT suite for creating and modifying my domain users. I am aware of the "copy" functionality which really is very nice to use. Unfortunately I am missing two important actions during the user-creation process which I try to describe:
>
> 1.) When I use the template feature (by using the "Copy..." user) command, the settings of the tab [Unix Attribute] cannot be copied to the new user created. So after I copied/created the new user, I have manually to open him, choose the [UNIX attribute] tab, then click on the "NIS-domain" field to choose/active MYDOM from the pull-down list. By doing so I am able to assign a uid to that user and thus allow my member server winbind process to enumerate that particular user so he is able to access shares on my member server.
>
> It would be really awesome if this step could be done magically without extra intervention.
>
> 2.) Let's say I am creating the user "John Doe". During the creation process, in the [Profile] tab I can choose to connect the home share of that particular user, for example: "Connect Z:\ to \\membersrv1\home\%username%" after I click the [OK] or [Apply] button, the ADUC tool automatically is creating on-the-fly the directory "\\membersrv1\home\johndoe" which works fine. That is a neat feature but in my opinion it has one big disadvantage ==> the directory .\johndoe on the given share is created with the owner name of the user that is logged-in and using the ADUC tool. In that example, the owner of the directory "\\membersrv1\home\it-admin1" is "it-admin1". If I would have used "smbmap" feature and thus would have mapped it-admin1 to the root account, the owner of that new automatically created directory would be "root". In conclusion, that is very normal and I did expect that behaviour. ADUC provides this feature, but I would like to have the "owner = johndoe" in that case. ADUC cannot perform that, I understand it, so I would have to do a "chown johndoe /srv/samba/home/johndoe" to get the desired result.
>
> Is there any 3rd-party AD-user-tool available which could solve the mentioned points?
>
> Mirco.

Does it have to be a GUI tool and if it doesn't, does it have to run on windows ???

Rowland
?icro MEGAS
2014-Oct-27 22:33 UTC
[Samba] 3rd-party tool for creating users as alternative to ADUC
> Comment from Rowland:
> ---------------------
> Does it have to be a GUI tool and if it doesn't, does it have to run on windows ???

Hi Rowland,

it would be preferable, yes. The reason I am asking for such a tool is related to some of us IT-admins. There are people who are not involved with Linux and prompts at all, so I'd like to have a GUI tool, similar to ADUC.

Any help appreciated. Thank you in advance.

Mirco
Marc Muehlfeld
2014-Oct-29 19:14 UTC
[Samba] 3rd-party tool for creating users as alternative to ADUC
Hello Mirco,

first: I don't know any alternative GUI tool for administrating AD. The only alternative could be to have a Samba AD based distro like Univention, that ships its own administration tools.

On 27.10.2014 at 23:05, ?icro MEGAS wrote:
> 1.) When I use the template feature (by using the "Copy..." user) command, the
> settings of the tab [Unix Attribute] cannot be copied to the new
> user created. So after I copied/created the new user, I have manually
> to open him, choose the [UNIX attribute] tab, then click on the
> "NIS-domain" field to choose/active MYDOM from the pull-down list.
> By doing so I am able to assign a uid to that user and thus
> allow my member server winbind process to enumerate
> that particular user so he is able to access shares on my member server.
>
> It would be really awesome if this step could be
> done magically without extra intervention.

I think there's no way with ADUC.

> 2.) Let's say I am creating the user "John Doe". During the creation
> process, in the [Profile] tab I can choose to connect the home
> share of that particular user, for example: "Connect Z:\ to
> \\membersrv1\home\%username%" after I click the [OK] or
> [Apply] button, the ADUC tool automatically is creating
> on-the-fly the directory "\\membersrv1\home\johndoe" which
> works fine. That is a neat feature but in my opinion
> it has one big disadvantage ==> the directory .\johndoe
> on the given share is created with the owner name of the user
> that is logged-in and using the ADUC tool.

I think this results from the ACLs you've set on the share. Here's an example guide:
https://wiki.samba.org/index.php/Setting_up_a_home_share#Setting_up_the_share_and_filesystem_permissions

(Not tested): Additionally you will add your it-admin group with full control or modify permissions to the security tab. Then click the advanced button and change the permissions of that group from "This folder, subfolders and files" to "This folder only".

Regards,
Marc
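
The ownership problem discussed in this thread can be checked on the member server itself. The script below is an added example, not part of any poster's message: it reports home directories whose owner is not the account the directory is named after. It assumes per-user directories sit directly under the share path (such as the /srv/samba/home mentioned above) and that account names resolve through NSS (winbind); the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit a home share for directories whose owner does not
# match the account the directory is named after.
# Assumptions: per-user directories live directly under BASE, are named
# after the account, and accounts resolve through NSS (winbind on a member).

audit_home_owners() {
    base=$1
    for dir in "$base"/*; do
        # Only real directories; a symlink here could point a later chown
        # at a path outside the share.
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        name=${dir##*/}
        # A name starting with "-" would be parsed by id as an option.
        case $name in
            -*) echo "UNKNOWN $name"; continue ;;
        esac
        # Resolve the expected owner from the directory name.
        if ! expected=$(id -u "$name" 2>/dev/null); then
            echo "UNKNOWN $name"
            continue
        fi
        # Numeric owner of the directory (third field of ls -n output).
        actual=$(ls -nd "$dir" | awk '{print $3}')
        if [ "$actual" = "$expected" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name owner_uid=$actual expected_uid=$expected"
        fi
    done
}

# Typical call on the member server:
#   audit_home_owners /srv/samba/home
```

A MISMATCH line marks a directory that still belongs to whoever created it, the case the original post corrects with chown; an UNKNOWN line marks a directory with no matching account.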