Hello! Rowland Penny via samba
  On that day it was said...

> No need to do that, just use 'samba-tool user disable'

Ahem, Rowland, *I* *NEED* that.

For internal policies, users that leave my organization have to be
'sanitized', and in detail, memberships have to be reset.

So, apart from some complex scripting, is there some way to do that? If
complex scripting has to be used, what would be the best 'path' to
achieve the result?

Thanks.

-- 
dott. Marco Gaiarin                     GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''     http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it    t +39-0434-842711  f +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)

On Wed, 4 Oct 2017 16:53:19 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Hello! Rowland Penny via samba
>   On that day it was said...
>
> > No need to do that, just use 'samba-tool user disable'
>
> Ahem, Rowland, *I* *NEED* that.
>
> For internal policies, users that leave my organization have to be
> 'sanitized', and in detail, memberships have to be reset.
>
> So, apart from some complex scripting, is there some way to do that? If
> complex scripting has to be used, what would be the best 'path' to
> achieve the result?
>
> Thanks.
>

Ah, you said disable, when you meant 'delete'.

You can do this:

    samba-tool user delete username

This will delete the user and the user's membership of groups, i.e.

    dn: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
    ......
    member: CN=username,CN=Users,DC=samdom,DC=example,DC=com

Will become:

    dn: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
    .............
    member: CN=username\0ADEL:f2fcc083-f6fa-4878-973f-b2a4f2a043e2,CN=Deleted Object

Then when the tombstone lifetime comes around, the record will
disappear. This is standard for AD, you cannot totally remove the
record in one move, but for all intents and purposes, the records are
deleted.

Rowland

Hello! Rowland Penny via samba
  On that day it was said...

> Ah, you said disable, when you meant 'delete'

No, I meant exactly 'disabled'. I'll try to be clearer:

a) I cannot delete accounts, at least for years, because local law
 mandates accountability, and so I need SID/UID.
 OK, I can save SID/UID elsewhere, but...

b) I want to ''reset'' group membership because if users come back
 (it sometimes happens ;) I can't, even by accident, restore their original
 memberships.

Better now? Thanks.

-- 
dott. Marco Gaiarin
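
One way to script what the last message asks for, as an added example that is not part of the thread or of Samba itself: disable the account, record its memberships for accountability, then remove it from every group except its primary one. It assumes `samba-tool group list` and `samba-tool group listmembers` print one name per line; `SAMBA_TOOL`, `PRIMARY_GROUP`, the function names and the usage values are illustrative.

```shell
#!/bin/sh
# Added example: offboard an account without deleting it (the SID stays).
# Assumption: "group list" / "group listmembers" print one name per line.
SAMBA_TOOL="${SAMBA_TOOL:-samba-tool}"           # overridable for dry runs
PRIMARY_GROUP="${PRIMARY_GROUP:-Domain Users}"   # primary group is left alone

# Print each group that lists account $1 as a member (nested groups are
# not expanded). </dev/null keeps the tool from eating the loop's input.
groups_of_user() {
    user=$1
    "$SAMBA_TOOL" group list < /dev/null | while IFS= read -r group; do
        if "$SAMBA_TOOL" group listmembers "$group" < /dev/null |
                grep -Fxiq -- "$user"; then
            printf '%s\n' "$group"
        fi
    done
}

# Disable account $1, append "account<TAB>group" lines to file $2 as the
# accountability record, then drop every membership except the primary group.
offboard_user() {
    user=$1; record=$2; rc=0
    "$SAMBA_TOOL" user disable "$user" < /dev/null || return 1
    groups=$(groups_of_user "$user") || return 1
    while IFS= read -r group; do
        if [ -z "$group" ] || [ "$group" = "$PRIMARY_GROUP" ]; then
            continue
        fi
        printf '%s\t%s\n' "$user" "$group" >> "$record"
        "$SAMBA_TOOL" group removemembers "$group" "$user" < /dev/null || rc=1
    done <<EOF
$groups
EOF
    return "$rc"
}

# Usage with constructed values, as root on a DC:
#   offboard_user jdoe /var/log/offboarded-groups.tsv
```

Because the record file is written before each removal, it still shows what the account used to belong to if a removal fails partway, and the function then returns non-zero.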