This page outlines how to perform common tasks with Active Directory.

'''NOTE: This page is a work in progress and is subject to change without warning'''

== Changing Passwords ==

'''samson ~ #''' smbpasswd -e ''username''

'''N.B.''' the -e switch enables/unlocks the account at the same time.

== Locking/Unlocking Accounts ==

=== Lock ===

'''samson ~ #''' samba-tool user disable ''username''

=== Unlock ===

'''samson ~ #''' samba-tool user enable ''username''

== Editing user attributes ==

User attributes can be changed by editing a user's LDAP record. The easiest way to do this interactively is with either `samba-tool user edit ` on a domain controller or `ldapvi cn=` if editing from any other machine. Users can also be batch edited with ldapmodify. See below for details.

Important attributes that might need to be changed are:

||'''Field'''||'''Description'''||
||`displayName`||Automatically generated as "` `"||
||`givenName`||First name||
||`sn`||Surname||
||`gecos`||Stores the user's real name on *NIX systems, defaults to be the same as `displayName`||
||`LoginShell`||User's *NIX shell, defaults to `/bin/zsh`||
||`gidNumber`||The user's primary POSIX group||

== ldap tools ==

LDAP access in AD environments requires authentication to work properly. Either use `-x -W -D "@ad.ucc.gu.uwa.edu.au"` to authenticate the query, or use Kerberos (run `kinit` and add `-Y GSSAPI` to `ldapvi` or whichever tool is being used).

== fixing email ==

If the user has their email in their mail folder in their homedir rather than the general mail spool, use ldapvi to fix where it looks for their mailbox:

`kinit`

`ldapvi -b dc=ad,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au --host AD.UCC.GU.UWA.EDU.AU -Y GSSAPI`

Find the user, then add their mail location, something like:

`otherMailbox: mbox:/home/ucc//Mail:INBOX=/home/ucc//Mail/inbox`
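
The mailbox fix above can also be done as a batch edit with ldapmodify. The following is an added example, not part of the original page or of any UCC tooling: it assumes each account's DN is `CN=<username>,CN=Users` under the base DN shown above and that the mailbox path contains the username, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: generate LDIF that sets otherMailbox for many users.
# Assumptions (not from the page): each account's DN is
# CN=<username>,CN=Users,<base>, and the mailbox path contains the username.
LC_ALL=C; export LC_ALL            # make the a-z range below byte-exact
BASE_DN='dc=ad,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au'   # base DN used on the page

# Accept only plain account names, so a crafted name cannot add DN
# components or smuggle extra LDIF lines into the change record.
valid_username() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one LDIF change record for one user.
mailbox_ldif() {
    user=$1
    if ! valid_username "$user"; then
        printf 'rejected username: %s\n' "$user" >&2
        return 1
    fi
    printf 'dn: CN=%s,CN=Users,%s\n' "$user" "$BASE_DN"
    printf 'changetype: modify\nadd: otherMailbox\n'
    printf 'otherMailbox: mbox:/home/ucc/%s/Mail:INBOX=/home/ucc/%s/Mail/inbox\n' "$user" "$user"
    printf '%s\n\n' '-'
}

# Read usernames (one per line) on stdin and write LDIF to stdout.
# Returns non-zero if any name was rejected; valid names are still emitted.
batch_ldif() {
    rc=0
    while IFS= read -r u; do
        [ -n "$u" ] || continue
        mailbox_ldif "$u" || rc=1
    done
    return "$rc"
}

# Constructed sample input; review the output before applying it with:
#   kinit
#   ldapmodify -Y GSSAPI -H ldap://AD.UCC.GU.UWA.EDU.AU -f fix-mail.ldif
printf 'alice\nbob\n' | batch_ldif
```

Check the real DN of each account first (for example with `ldapvi`), since accounts created with a full name may not have the username as their CN.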