This page outlines how to perform common tasks with active directory

'''NOTE: This page is a work in progress and is subject to change without warning'''

== Changing Passwords ==

'''samson ~ #''' smbpasswd -e ''username''

'''N.B.''' the presence of the -e switch is to enable/unlock the account at the same time.

== Locking/Unlocking Accounts ==

=== Lock ===
'''samson ~ #''' samba-tool user disable ''username''

=== Unlock ===
'''samson ~ #''' samba-tool user enable ''username''

== Editing user attributes ==
User attributes can be changed by editing a users LDAP record. The easiest way to do this interactively is with
either `samba-tool user edit <username>` on a domain controller or `ldapvi cn=<username>` if editing from any other machine.

Users can also be batch edited with ldapmodify. See below for details.

Important attributes that might need to be changed are:
||'''Field'''||'''Description'''||
||`displayName`||automatically generated as "`<givenName> <sn>`"||
||`givenName`|| Firstname||
||`sn`|| Surname||
||`gecos`||Stores the user's real name on *NIX systems, defaults to be the same as `displayName`||
||`LoginShell`||User's *NIX shell, defaults to `/bin/zsh`||
||`gidNumber`||The user's primary POSIX group||


== ldap tools ==
LDAP access in AD environments requires authentication to work properly, either use `-x -W -D "<your_username>@ad.ucc.gu.uwa.edu.au"` to authenticate the query, or Kerberos (`kinit` and add `-Y GSSAPI` to `ldapvi` or whatever)

== fixing email ==
If the user has their email in their mail folder in their homedir rather than the general mail spool use ldapvi to fix where it looks for their mailbox

`kinit`

`ldapvi -b dc=ad,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au --host AD.UCC.GU.UWA.EDU.AU -Y GSSAPI`

find the user, then add their mail location, something like:

`otherMailbox: mbox:/home/ucc/<username>/Mail:INBOX=/home/ucc/<username>/Mail/inbox`