search for: adsiedit

Hi, About a year ago (I think I was using v4.2.x at the time), I extended the schema of my Samba AD. This worked just fine and since then I have been able to create and edit objects from my custom schema via ADSIEdit. This worked fine under 4.3.x as well - the last such object I successfully created was just over two months ago, at which point I was running some variant of 4.3.x (probably 4.3.5). However, last week I upgraded all my DCs to 4.4.0 (to take advantage of the LDAP_MATCHING_RULE_IN_CHAIN fix / bug 1...

...changes all the machine account uidNumbers to something that does not conflict with the user uidNumbers. The classicupgrade process completes with this. I haven't done any further testing yet, but this should resolve the issues that I was seeing because of the duplicated uidNumbers. Using ADSIEdit to look at a freshly installed domain, shows that computer accounts do not have uidNumber, gidNumber, etc assigned. I am therefore puzzled as to why the classicupgrade seems to need them. I am not sure what the end result should be with regards to the machine accounts after the classicupgrade...

Hi, A while ago I successfully set permissions on a section of my LDAP / AD tree, using either ADUC or ADSIEDIT (I forget which). These permissions allowed my own user to access this section of the tree; I removed permissions for 'Domain Admins' etc. to ensure that others would not be able to view or change the data - this has worked great for many months. I have just tried to add a new entry to thi...

...other errors which have now been found and fixed - thanks! However, I think something still isn't right in my domain; this is probably not the fault of 4.5.0 but rather an inconsistency caused when one of my DCs died and was rebuilt - however I'm now not sure where to look (presumably with ADSIEdit / ldbsearch) to check which object I need to remove / update. The symptom I can see is that running 'samba-tool drs showrepl' fails on one of my DCs, but works on the other two. On the failing DC I get the message: user at dc2:~ $ sudo /usr/local/samba/bin/samba-tool drs showrepl Failed t...

...an I ask something related? Once I had used '23456' as uid for some test > > account, ADUC always wants to go that high, although I have plenty of > space > > below that. Is there a way to get rid of this behavior? > This is stored in AD & documented here. You can use adsiedit or similar to change these values: https://wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC#Defining_the_next_UID.2FGID_to_use -- "If we knew what it was we were doing, it would not be called research, would it?" - Albert Einstein

...Mon, 2016-04-11 at 21:23 +0100, Jonathan Hunter wrote: > Hi, > > About a year ago (I think I was using v4.2.x at the time), I extended > the > schema of my Samba AD. This worked just fine and since then I have > been > able to create and edit objects from my custom schema via ADSIEdit. > This > worked fine under 4.3.x as well - the last such object I successfully > created was just over two months ago, at which point I was running > some > variant of 4.3.x (probably 4.3.5). > > However, last week I upgraded all my DCs to 4.4.0 (to take advantage > of &gt...

Hello I disabled samba4's user account , but can not see attribute "ms-DS-User-Account-Disabled" ( checked via adsiedit.msc ) is this attribute exist in samba4 schema ? Is there another attribute for this ?

...from removing them from DNS/LDAP where I found them. Perhaps I should have explicitly removed the DCs, before re-adding them? I may well not have removed them fully myself. Is there an easy place in AD where these UUIDs are stored - I'm happy to go through and remove stale entries myself using ADSIEdit or similar? Or would you recommend I temporarily remove each DC in turn using the demote tool, then re-add? (Would the demote tool remove *all* UUIDs from the DCs, or only the first one?) Is there some form of AD-checker tool, perhaps (either MS or Samba) that would check all the various LDAP entr...

On 11/04/16 21:23, Jonathan Hunter wrote: > Hi, > > About a year ago (I think I was using v4.2.x at the time), I extended the > schema of my Samba AD. This worked just fine and since then I have been > able to create and edit objects from my custom schema via ADSIEdit. This > worked fine under 4.3.x as well - the last such object I successfully > created was just over two months ago, at which point I was running some > variant of 4.3.x (probably 4.3.5). > > However, last week I upgraded all my DCs to 4.4.0 (to take advantage of > the LDAP_MATCH...

...onathan Hunter wrote: > > Hi, > > > > About a year ago (I think I was using v4.2.x at the time), I extended > > the > > schema of my Samba AD. This worked just fine and since then I have > > been > > able to create and edit objects from my custom schema via ADSIEdit. > > This > > worked fine under 4.3.x as well - the last such object I successfully > > created was just over two months ago, at which point I was running > > some > > variant of 4.3.x (probably 4.3.5). > > > > However, last week I upgraded all my DCs to 4....

Hi all, I'm trying to get the unix extensions working in AD. I'm obviously missing something, but I can't see what... I've just created user Jim (ADUC) and added a uidnumber (ADSIEdit). From this and what I have below, user Jim should have uidNumber of 12345 (from AD) and not be prefixed with Domain name. This isn't happening. Does anyone have any idea why not? cheers, Jim Excerpt from getent passwd: saned:x:110:117::/home/saned:/bin/false FASTFOOD\Administrator:*:0:100:...

On 04/01/16 01:43, Jonathan Hunter wrote: > Hi, > > A while ago I successfully set permissions on a section of my LDAP / AD > tree, using either ADUC or ADSIEDIT (I forget which). These permissions > allowed my own user to access this section of the tree; I removed > permissions for 'Domain Admins' etc. to ensure that others would not be > able to view or change the data - this has worked great for many months. > > I have just tried t...

> Garming asked you to see if you could locate > where the records got put the records by hand Sorry, I can't understand what you mean with "if you could locate where the records got put"... Are you're asking me to create the DNS record by hand with RSAT on SRVAD_OLD, then run samba-tool join again? If so, yes I've tried to create the record manually and re-run

...t; > Hi, >> > >> > About a year ago (I think I was using v4.2.x at the time), I extended >> > the >> > schema of my Samba AD. This worked just fine and since then I have >> > been >> > able to create and edit objects from my custom schema via ADSIEdit. >> > This >> > worked fine under 4.3.x as well - the last such object I successfully >> > created was just over two months ago, at which point I was running >> > some >> > variant of 4.3.x (probably 4.3.5). >> > >> > However, last week...

Hy Guys, I am trying to migrate to samba 4 and I need some help. So, I have a samba running with samba 3 and LDAP. Today I use my samba for auth of my e-mail, file server and several other applications. I use a WEB based LDAP administration program called goSA. I have Installed samba 4.8.4 on a test machine and create some users, the problem is, to keep my email and all functionality that I

On 18/05/2020 18:27, Alex wrote: >>>> 2. Why can't I query and/or delete it using standard means? >>> Probably because it is a wrong record ???? >>> Try running this on a DC: >>> ldbsearch --cross-ncs --show-binary -H /var/lib/samba/private/sam.ldb -b >>> 'DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com'

...ive in ldb context [0x560a67adb490] on tdb:///var/lib/samba/private/sam.ldb (never mind that this is now on DC1, not DC3, I've torn down the test environment a few times) Manual removal of 'CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan' in ADSIEdit didn't go well and caused all replication to break at some point. I must be missing something here but I can't quite figure out what exactly. Best regards, Pietro Stäheli

On 5 January 2016 at 15:02, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > I'll try to use ldbedit to grant myself permissions on the OU again .. Is > ldbedit safe to use: > > - on a running Samba server (or do I need to stop samba) > - in a multi-DC environment (or do I need to run it and make the same > changes on each DC) > Answering my own question here... it

Thank you Rowland, I like your thinking - made sense to me. I had already allocated a GID to Domain Computers: [root at fileserver ~]# getent group Domain\ Computers domain computers:x:12345: however I just now tried adding a uidNumber attribute to one of my computer objects using ADSIEdit and hey presto, that computer now appears in 'getent passwd'! I wonder if there is some fix that could be made on the samba side - I don't know exactly how if I'm honest.. but for every domain computer I will now have to: - manually add a uidNumber attribute - manually reset the AD...

...On 11/04/16 21:23, Jonathan Hunter wrote: > >> Hi, >> >> About a year ago (I think I was using v4.2.x at the time), I extended the >> schema of my Samba AD. This worked just fine and since then I have been >> able to create and edit objects from my custom schema via ADSIEdit. This >> worked fine under 4.3.x as well - the last such object I successfully >> created was just over two months ago, at which point I was running some >> variant of 4.3.x (probably 4.3.5). >> >> However, last week I upgraded all my DCs to 4.4.0 (to take advantage of...