This page outlines how to perform common tasks with Active Directory.

NOTE: This page is a work in progress and is subject to change without warning.

Changing Passwords

Locking/Unlocking Accounts

Editing user attributes

User attributes can be changed by editing a user's LDAP record. The easiest way to do this interactively is with samba-tool user edit <username> on a domain controller, or with ldapvi cn=<username> when editing from any other machine.

Users can also be batch edited with ldapmodify. See below for details.

Important attributes that might need to be changed are:

Field          Description
displayName    Automatically generated as "<givenName> <sn>"
givenName      First name
sn             Surname
gecos          Stores the user's real name on *NIX systems, defaults to be the same as displayName
LoginShell     User's *NIX shell, defaults to /bin/zsh
gidNumber      The user's primary POSIX group

LDAP tools

LDAP access in AD environments requires authentication to work properly. Use -x -W -D "<your_username>@ad.ucc.gu.uwa.edu.au" to authenticate the query.
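
A batch edit with ldapmodify, as mentioned under Editing user attributes, shown as an added example that is not part of the original page: it builds the LDIF that sets the login shell on several accounts and refuses usernames or shell paths that could alter the DN or inject extra LDIF lines. The CN=Users container, the base DN derived from ad.ucc.gu.uwa.edu.au, the <dc-host> placeholder and the sample usernames are assumptions.

```shell
#!/bin/sh
# Assumption: accounts live in CN=Users under a base DN that mirrors the
# ad.ucc.gu.uwa.edu.au realm. Adjust to the real container before use.
BASE_DN="CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au"

# valid_username NAME: succeeds only if NAME can be placed in a DN unescaped
# (no commas, equals signs, spaces or newlines).
valid_username() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# make_shell_ldif SHELL USER...: writes one LDIF modify record per valid user.
# Returns 2 for a bad shell path, 1 if any username was skipped, 0 otherwise.
make_shell_ldif() {
    shell=$1; shift
    case "$shell" in
        ''|[!/]*|*[!A-Za-z0-9/._-]*)
            echo "shell must be an absolute path without special characters" >&2
            return 2 ;;
    esac
    skipped=0
    for user in "$@"; do
        if ! valid_username "$user"; then
            printf 'skipping unsafe username: %s\n' "$user" >&2
            skipped=1
            continue
        fi
        # Attribute names are case-insensitive in LDAP; loginShell is the
        # field listed as LoginShell in the table above.
        printf 'dn: CN=%s,%s\n' "$user" "$BASE_DN"
        printf 'changetype: modify\n'
        printf 'replace: loginShell\n'
        printf 'loginShell: %s\n\n' "$shell"
    done
    return "$skipped"
}

# Constructed sample usernames; prints the LDIF so it can be reviewed first.
make_shell_ldif /bin/zsh alice bob

# To apply after review (prompts for the bind password; <dc-host> is a placeholder):
#   make_shell_ldif /bin/zsh alice bob |
#       ldapmodify -x -W -D "<your_username>@ad.ucc.gu.uwa.edu.au" -H ldap://<dc-host>
```

Reviewing the generated LDIF before piping it into ldapmodify keeps a mistyped list from changing accounts it was not meant to touch.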