
Re: [Samba] Script to reset group memberships...




On Wed, 4 Oct 2017 16:53:19 +0200
Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> 
> > No need to do that, just use 'samba-tool user disable'
> 
> Ahem, Rowland, *I* *NEED* that.
> 
> For internal policies, users that leave my organization have to be
> 'sanitized', and on detail, memberships have to be reset.
> 
> 
> So, apart from some complex scripting, there's some way to do that? If
> complex scripting has to be used, what will be the best 'path' to
> achieve the result?
> 
> 
> Thanks.
> 

Ah, you said disable, when you meant 'delete'.

You can do this with 'samba-tool user delete username'.

This will delete the user and the user's membership of groups.

i.e.

dn: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
......
member: CN=username,CN=Users,DC=samdom,DC=example,DC=com

Will become:

dn: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
.............
member: CN=username\0ADEL:f2fcc083-f6fa-4878-973f-b2a4f2a043e2,CN=Deleted Object

Then when the tombstone lifetime comes around, the record will
disappear.

This is standard for AD, you cannot totally remove the record in one
move, but for all intents and purposes, the records are deleted.

Rowland

