This page outlines how to perform common tasks with active directory
NOTE: This page is a work in progress and is subject to change without warning
Changing Passwords
Locking/Unlocking Accounts
Editing user attributes
User attributes can be changed by editing a users LDAP record. The easiest way to do this interactively is with either samba-tool user edit <username> on a domain controller or ldapvi cn=<username> if editing from any other machine.
Users can also be batch edited with ldapmodify. See below for details.
Important attributes that might need to be changed are:
Field |
Description |
displayName |
automatically generated as "<givenName> <sn>" |
givenName |
Firstname |
sn |
Surname |
gecos |
Stores the user's real name on *NIX systems, defaults to be the same as displayName |
LoginShell |
User's *NIX shell, defaults to /bin/zsh |
gidNumber |
The user's primary POSIX group |
ldap tools
LDAP access in AD environments requires authentication to work properly, use -x -W -D "<your_username>@ad.ucc.gu.uwa.edu.au" to authenticate the query.