samba-tool (8)

samba-tool [-h] [-W myworkgroup] [-U user] [-d debuglevel] [--v]

This tool is part of the samba(7) suite.

-h|--help

Show this help message and exit

--realm=REALM

Set the realm name

--simple-bind-dn=DN

DN to use for a simple bind

--password=PASSWORD

Password

-U USERNAME|--username=USERNAME

Username

-W WORKGROUP|--workgroup=WORKGROUP

Workgroup

-N|--no-pass

Don't ask for a password

-k KERBEROS|--kerberos=KERBEROS

Use Kerberos

--ipaddress=IPADDRESS

IP address of the server

-d|--debuglevel=level

level is an integer from 0 to 10. The default value if this parameter is not specified is 1.

The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out.

Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

Note that specifying this parameter here will override the \m[blue]log level\m[] parameter in the smb.conf file.

-V|--version

Prints the program version number.

-s|--configfile=<configuration file>

The file specified contains the configuration details required by the server. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. See smb.conf for more information. The default configuration file name is determined at compile time.

-l|--log-basename=logdirectory

Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.

--option=<name>=<value>

Set the smb.conf(5) option "<name>" to value "<value>" from the command line. This overrides compiled-in defaults and options read from the configuration file.

dbcheck

Check the local AD database for errors.

delegation

Manage Delegations.

delegation add-service accountname principal [options]

Add a service principal as msDS-AllowedToDelegateTo.

delegation del-service accountname principal [options]

Delete a service principal as msDS-AllowedToDelegateTo.

delegation for-any-protocol accountname [(on|off)] [options]

Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account.

delegation for-any-service accountname [(on|off)] [options]

Set/unset UF_TRUSTED_FOR_DELEGATION for an account.

delegation show accountname [options]

Show the delegation setting of an account.

dns

Manage Domain Name Service (DNS).

dns add server zone name A|AAAA|PTR|CNAME|NS|MX|SRV|TXT data

Add a DNS record.

dns delete server zone name A|AAAA|PTR|CNAME|NS|MX|SRV|TXT data

Delete a DNS record.

dns query server zone name A|AAAA|PTR|CNAME|NS|MX|SRV|TXT|ALL [options] data

Query a name.

dns roothints server [name] [options]

Query root hints.

dns serverinfo server [options]

Query server information.

dns update server zone name A|AAAA|PTR|CNAME|NS|MX|SRV|TXT olddata newdata

Update a DNS record.

dns zonecreate server zone [options]

Create a zone.

dns zonedelete server zone [options]

Delete a zone.

dns zoneinfo server zone [options]

Query zone information.

dns zonelist server [options]

List zones.

domain

Manage Domain.

domain classicupgrade [options] classic_smb_conf

Upgrade from Samba classic (NT4-like) database to Samba AD DC database.

domain dcpromo dnsdomain [DC|RODC] [options]

Promote an existing domain member or NT4 PDC to an AD DC.

domain demote

Demote ourselves from the role of domain controller.

domain exportkeytab keytab [options]

Dumps Kerberos keys of the domain into a keytab.

domain info ip_address [options]

Print basic info about a domain and the specified DC.

domain join dnsdomain [DC|RODC|MEMBER|SUBDOMAIN] [options]

Join a domain as either member or backup domain controller.

domain level show|raise options [options]

Show/raise domain and forest function levels.

domain passwordsettings show|set options [options]

Show/set password settings.

domain provision

Promote an existing domain member or NT4 PDC to an AD DC.

drs

Manage Directory Replication Services (DRS).

drs bind

Show DRS capabilities of a server.

drs kcc

Trigger knowledge consistency center run.

drs options

Query or change options for NTDS Settings object of a domain controller.

drs replicate destination_DC source_DC NC [options]

Replicate a naming context between two DCs.

drs showrepl

Show replication status.

dsacl

Administer DS ACLs

dsacl set

Modify access list on a directory object.

fsmo

Manage Flexible Single Master Operations (FSMO).

fsmo seize [options]

Seize the role.

fsmo show

Show the roles.

fsmo transfer [options]

Transfer the role.

gpo

Manage Group Policy Objects (GPO).

gpo create displayname [options]

Create an empty GPO.

gpo del gpo [options]

Delete GPO.

gpo dellink container_dn gpo [options]

Delete GPO link from a container.

gpo fetch gpo [options]

Download a GPO.

gpo getinheritance container_dn [options]

Get inheritance flag for a container.

gpo getlink container_dn [options]

List GPO Links for a container.

gpo list username [options]

List GPOs for an account.

gpo listall

List all GPOs.

gpo listcontainers gpo [options]

List all linked containers for a GPO.

gpo setinheritance container_dn block|inherit [options]

Set inheritance flag on a container.

gpo setlink container_dn gpo [options]

Add or Update a GPO link to a container.

gpo show gpo [options]

Show information for a GPO.

group

Manage groups.

group add groupname [options]

Create a new AD group.

group addmembers groupname members [options]

Add members to an AD group.

group delete groupname [options]

Delete an AD group.

group list

List all groups.

group listmembers groupname [options]

List all members of the specified AD group.

group removemembers groupname members [options]

Remove members from the specified AD group.

ldapcmp \fIURL1\fR \fIURL2\fR \fIdomain|configuration|schema|dnsdomain|dnsforest\fR [options]

Compare two LDAP databases.

ntacl

Manage NT ACLs.

ntacl get file [options]

Get ACLs on a file.

ntacl set acl file [options]

Set ACLs on a file.

ntacl sysvolcheck

Check sysvol ACLs match defaults (including correct ACLs on GPOs).

ntacl sysvolreset

Reset sysvol ACLs to defaults (including correct ACLs on GPOs).

rodc

Manage Read-Only Domain Controller (RODC).

rodc preload SID|DN|accountname [options]

Preload one account for an RODC.

sites

Manage sites.

sites create site [options]

Create a new site.

sites remove site [options]

Delete an esxisting site.

spn

Manage Service Principal Names (SPN).

spn add name user [options]

Create a new SPN.

spn delete name [user] [options]

Delete an existing SPN.

spn list user [options]

List SPNs of a given user.

testparm

Check the syntax of the configuration file.

time

Retrieve the time on a server.

user

Manage users.

user add username [password]

Create a new user. Please note that this subcommand is deprecated and available for compatibility reasons only. Please use samba-tool user create instead.

user create username [password]

Create a new user in the Active Directory Domain.

user delete username [options]

Delete an existing user account.

user disable username

Disable an user account.

user enable username

Enable an user account.

user list

List all users.

user password [options]

Change password for an user account (the one provided in authentication).

user setexpiry username [options]

Set the expiration of an user account.

user setpassword username [options]

Sets or resets the password of an user account.

vampire [options] \fIdomain\fR

Join and synchronise a remote AD domain to the local server. Please note that samba-tool vampire is deprecated, please use samba-tool domain join instead.

help

Gives usage information.

This man page is complete for version 4 of the Samba suite.

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

The samba-tool manpage was written by Karolin Seeger.