Hi guys!

Do you know if there is a way to rename a list of samba 4 user accounts?

I need to change a list of 2000 users from "login name" to a "login number". I would not like to do this one by one.

I know that in windows server I can do this using a powershell script, but it doesn't work with samba.

If you have any idea on how to do this I appreciate.

Thanks!!

--
-------------------------------------------
Edson Tadeu Almeida Silveira
http://sites.google.com/site/edsontadeu/
-------------------------------------------

On Mon, 13 Mar 2017 14:35:00 -0300 Edson Tadeu Almeida da Silveira via samba <samba at lists.samba.org> wrote:

> Hi guys!
>
> Do you know if there is a way to rename a list of samba 4 user
> accounts?
>
> I need to change a list of 2000 users from "login name" to a "login
> number". I would not like to do this one by one.
>
> I know that in windows server I can do this using a powershell script,
> but it doesn't work with samba.
>
> If you have any idea on how to do this I appreciate.
>
> Thanks!!
>

You could write a script around ldbrename, see 'man ldbrename'

Rowland

On Tue, 21 Mar 2017 16:23:13 -0300 Edson Tadeu Almeida da Silveira <edson.tadeu at gmail.com> wrote:

> Hi Rowland.
>
> After changing users' names and properties I had a problem when searching
> them with windows administration tool.
>
> All users that I have changed I can't find with search tool.
>
> Do you know if there is something I can do?
>
> Thanks!!!

Not sure, did they actually rename? I take it you tried with just one for a start.

I have just tried it myself and it works for me:

    ldbrename -H /usr/local/samba/private/sam.ldb CN=User8,CN=Users,DC=test,DC=tld CN=User20,CN=Users,DC=test,DC=tld
    Renamed 1 record

Created an ldif /tmp/user.ldif

    dn: CN=User20,CN=Users,DC=test,DC=tld
    changetype: modify
    -
    replace: sAMAccountName
    sAMAccountName: User20
    -
    replace: userPrincipalName
    userPrincipalName: User20@test.tld

I didn't bother trying to change the 'cn' to itself ;-)

I then ran ldbmodify on the ldif:

    ldbmodify -H /usr/local/samba/private/sam.ldb /tmp/user.ldif

Try to find the user by its new name:

    ldbsearch -H /usr/local/samba/private/sam.ldb -b CN=Users,DC=test,DC=tld -s sub '(samaccountname=User20)'

    dn: CN=User20,CN=Users,DC=test,DC=tld
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    instanceType: 4
    whenCreated: 20170318131326.0Z
    uSNCreated: 3840
    objectGUID: 02149d6b-a6a7-43fc-bf1e-3de5b6cb0c3d
    badPwdCount: 0
    codePage: 0
    countryCode: 0
    badPasswordTime: 0
    lastLogoff: 0
    lastLogon: 0
    primaryGroupID: 513
    objectSid: S-1-5-21-799899434-4025241831-2425910908-1110
    accountExpires: 9223372036854775807
    logonCount: 0
    sAMAccountType: 805306368
    objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=test,DC=tld
    uid: User8
    uidNumber: 10006
    gidNumber: 10000
    gecos: User8
    loginShell: /bin/bash
    unixHomeDirectory: /home/User8
    msSFU30NisDomain: test
    msSFU30Name: User8
    unixUserPassword: ABCD!efgh12345$67890
    pwdLastSet: 131343164067988970
    userAccountControl: 512
    cn: User20
    name: User20
    sAMAccountName: User20
    userPrincipalName: User20@test.tld
    whenChanged: 20170321195521.0Z
    uSNChanged: 3890
    distinguishedName: CN=User20,CN=Users,DC=test,DC=tld

    # returned 1 records
    # 1 entries
    # 0 referrals

Rowland

On Tue, 21 Mar 2017 21:12:03 -0300 Edson Tadeu Almeida da Silveira <edson.tadeu at gmail.com> wrote:

> When I use ldbrename and ldbmodify without set "cn: " in my ldif, the
> "cn" field don't change.

That might be your problem, you do not use an ldif with ldbrename, the command is:

    ldbrename -H /usr/local/samba/private/sam.ldb \
      CN=ldap05,CN=Users,DC=samdom,DC=example,DC=com \
      CN=User20,CN=Users,DC=samdom,DC=example,DC=com

i.e. ldbrename -H /path/to/sam.ldb users_old_dn users_new_dn

You need to run this on the DC.

This will change the 'cn' as well, it has to, because 'cn' has to be the same as the first part of the user DN, in this case 'CN=ldap05' or to be even more blunt, look at the first two letters of 'CN=ldap05'

>
> This is because I set it in file.ldif.

You do not need 'cn' in the secondary ldif, you just need something like this:

    dn: CN=User20,CN=Users,DC=samdom,DC=example,DC=com
    changetype: modify
    -
    replace: displayName
    displayName: User20
    -
    replace: sAMAccountName
    sAMAccountName: User20
    -
    replace: msSFU30Name
    msSFU30Name: User20
    -
    replace: userPrincipalName
    userPrincipalName: User20@samdom.example.com

i.e. the user's new DN and any attributes that require changing.

>
> But the problem is after this change, I go to ADUC and try to search
> this renamed user and it didn't give any return to me.

It should, have you tried refreshing the view?

> Beside that,
> it looks like the users lose their group relation when renaming using
> shell.

They shouldn't, the link should be updated.

Rowland

On Wed, 22 Mar 2017 07:13:59 -0300 Edson Tadeu Almeida da Silveira <edson.tadeu at gmail.com> wrote:

> So...
>
> It appears not to be working for me. I'm doing exactly this:
>
> ldbrename -H tdb://samba/private/sam.ldb.d/DC=DOMAIN,DC=LOCAL.ldb
> "CN=user01,OU=Users,DC=domain,DC=local"
> "CN=user02,OU=Users,DC=domain,DC=local"
> ldbrename -H tdb://samba/private/sam.ldb.d/DC=DOMAIN,DC=LOCAL.ldb
> "CN=user05,OU=Users,DC=domain,DC=local"
> "CN=user06,OU=Users,DC=domain,DC=local"
>
>
> The ldif is only to correct some fields after renaming...
>
> I did all that you have said... do you think it could be a problem
> with my samba version? (4.4.10)
>

Well, I am doing (using the info above) this:

    ldbrename -H /samba/private/sam.ldb CN=user01,OU=Users,DC=domain,DC=local CN=user02,OU=Users,DC=domain,DC=local

And, altering what you are doing, makes me hope you are doing this in a test domain!!

DO NOT DIRECTLY ALTER the ldb files under sam.ldb.d

You could damage your AD if you do.

Rowland
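
The bulk version of the steps in this thread, as an added example that is not part of the original messages: it reads OLD,NEW pairs and prints the ldbrename commands or the ldbmodify LDIF for review, and refuses any -H path under sam.ldb.d. The mapping format, the function names and the sample base DN and realm are assumptions.

```shell
#!/bin/sh
# Added example: dry-run planner. It only PRINTS ldbrename commands or the
# follow-up LDIF; nothing here touches sam.ldb. Run the output on the DC.
# Assumptions: OLD,NEW mapping lines on stdin; constructed base DN and realm.

# Refuse partition files under sam.ldb.d; only the top-level sam.ldb is used.
safe_ldb() {
    case $1 in
        *sam.ldb.d*) return 1 ;;
    esac
    return 0
}

# Accept only simple names, so no DN or shell escaping is ever needed.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# plan MODE LDB BASE REALM   (MODE is "cmds" or "ldif")
plan() {
    mode=$1 ldb=$2 base=$3 realm=$4
    safe_ldb "$ldb" || { echo "refusing to use $ldb" >&2; return 1; }
    while IFS=, read -r old new; do
        if ! valid_name "$old" || ! valid_name "$new"; then
            echo "skipping unsafe entry: $old,$new" >&2
            continue
        fi
        case $mode in
            cmds) printf 'ldbrename -H %s CN=%s,%s CN=%s,%s\n' \
                      "$ldb" "$old" "$base" "$new" "$base" ;;
            ldif) printf 'dn: CN=%s,%s\nchangetype: modify\n' "$new" "$base"
                  printf 'replace: sAMAccountName\nsAMAccountName: %s\n-\n' "$new"
                  printf 'replace: userPrincipalName\nuserPrincipalName: %s@%s\n\n' \
                      "$new" "$realm" ;;
        esac
    done
    return 0
}

# Constructed demo mapping: old login name, new login number.
printf 'User8,10020\nbad name,10021\n' |
    plan cmds /usr/local/samba/private/sam.ldb CN=Users,DC=test,DC=tld test.tld
```

Try the printed commands on a single account first, then save the "ldif" output to a file and pass it to ldbmodify -H as in the messages above.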