COMMANDS
dbcheck
Check the local AD database for errors.
delegation
Manage Delegations.
delegation add-service accountname
principal
[options]
Add a service principal as msDS-AllowedToDelegateTo.
delegation del-service accountname
principal
[options]
Delete a service principal as msDS-AllowedToDelegateTo.
delegation for-any-protocol accountname
[(on|off)] [options]
Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy)
for an account.
delegation for-any-service accountname
[(on|off)] [options]
Set/unset UF_TRUSTED_FOR_DELEGATION for an account.
delegation show accountname
[options]
Show the delegation setting of an account.
dns
Manage Domain Name Service (DNS).
dns add server
zone
name
A|AAAA|PTR|CNAME|NS|MX|SRV|TXT
data
Add a DNS record.
dns delete server
zone
name
A|AAAA|PTR|CNAME|NS|MX|SRV|TXT
data
Delete a DNS record.
dns query server
zone
name
A|AAAA|PTR|CNAME|NS|MX|SRV|TXT|ALL
[options] data
Query a name.
dns roothints server
[name
] [options]
Query root hints.
dns serverinfo server
[options]
Query server information.
dns update server
zone
name
A|AAAA|PTR|CNAME|NS|MX|SRV|TXT
olddata
newdata
Update a DNS record.
dns zonecreate server
zone
[options]
Create a zone.
dns zonedelete server
zone
[options]
Delete a zone.
dns zoneinfo server
zone
[options]
Query zone information.
dns zonelist server
[options]
List zones.
domain classicupgrade [options] classic_smb_conf
Upgrade from Samba classic (NT4-like) database to Samba AD DC
database.
domain dcpromo dnsdomain
[DC|RODC] [options]
Promote an existing domain member or NT4 PDC to an AD DC.
domain demote
Demote ourselves from the role of domain controller.
domain exportkeytab keytab
[options]
Dumps Kerberos keys of the domain into a keytab.
domain info ip_address
[options]
Print basic info about a domain and the specified DC.
domain join dnsdomain
[DC|RODC|MEMBER|SUBDOMAIN] [options]
Join a domain as either member or backup domain controller.
domain level show|raise
options
[options]
Show/raise domain and forest function levels.
domain passwordsettings show|set
options
[options]
Show/set password settings.
domain provision
Promote an existing domain member or NT4 PDC to an AD DC.
domain trust
Domain and forest trust management.
domain trust create DOMAIN
options
[options]
Create a domain or forest trust.
domain trust delete DOMAIN
options
[options]
Delete a domain trust.
domain trust list options
[options]
List domain trusts.
domain trust namespaces [DOMAIN
] options
[options]
Manage forest trust namespaces.
domain trust show DOMAIN
options
[options]
Show trusted domain details.
domain trust validate DOMAIN
options
[options]
Validate a domain trust.
drs
Manage Directory Replication Services (DRS).
drs bind
Show DRS capabilities of a server.
drs kcc
Trigger knowledge consistency center run.
drs options
Query or change options
for NTDS Settings
object of a domain controller.
drs replicate destination_DC
source_DC
NC
[options]
Replicate a naming context between two DCs.
drs showrepl
Show replication status.
dsacl set
Modify access list on a directory object.
fsmo
Manage Flexible Single Master Operations (FSMO).
fsmo seize [options]
Seize the role.
fsmo transfer [options]
Transfer the role.
gpo
Manage Group Policy Objects (GPO).
gpo create displayname
[options]
Create an empty GPO.
gpo del gpo
[options]
Delete GPO.
gpo dellink container_dn
gpo
[options]
Delete GPO link from a container.
gpo fetch gpo
[options]
Download a GPO.
gpo getinheritance container_dn
[options]
Get inheritance flag for a container.
gpo getlink container_dn
[options]
List GPO Links for a container.
gpo list username
[options]
List GPOs for an account.
gpo listall
List all GPOs.
gpo listcontainers gpo
[options]
List all linked containers for a GPO.
gpo setinheritance container_dn
block|inherit
[options]
Set inheritance flag on a container.
gpo setlink container_dn
gpo
[options]
Add or Update a GPO link to a container.
gpo show gpo
[options]
Show information for a GPO.
group add groupname
[options]
Create a new AD group.
group addmembers groupname
members
[options]
Add members to an AD group.
group delete groupname
[options]
Delete an AD group.
group list
List all groups.
group listmembers groupname
[options]
List all members of the specified AD group.
group removemembers groupname
members
[options]
Remove members from the specified AD group.
ldapcmp URL1
URL2
domain|configuration|schema|dnsdomain|dnsforest
[options]
Compare two LDAP databases.
ntacl get file
[options]
Get ACLs on a file.
ntacl set acl
file
[options]
Set ACLs on a file.
ntacl sysvolcheck
Check sysvol ACLs match defaults (including correct ACLs on GPOs).
ntacl sysvolreset
Reset sysvol ACLs to defaults (including correct ACLs on GPOs).
rodc
Manage Read-Only Domain Controller (RODC).
rodc preload SID
|DN
|accountname
[options]
Preload one account for an RODC.
sites create site
[options]
Create a new site.
sites remove site
[options]
Delete an existing site.
spn
Manage Service Principal Names (SPN).
spn add name
user
[options]
Create a new SPN.
spn delete name
[user
] [options]
Delete an existing SPN.
spn list user
[options]
List SPNs of a given user.
testparm
Check the syntax of the configuration file.
time
Retrieve the time on a server.
user add username
[password
]
Create a new user. Please note that this subcommand is deprecated
and available for compatibility reasons only. Please use
samba-tool user create
instead.
user create username
[password
]
Create a new user in the Active Directory Domain.
user delete username
[options]
Delete an existing user account.
user disable username
Disable an user account.
user enable username
Enable an user account.
user password [options]
Change password for an user account (the one provided in
authentication).
user setexpiry username
[options]
Set the expiration of an user account.
user setpassword username
[options]
Sets or resets the password of an user account.
vampire [options] domain
Join and synchronise a remote AD domain to the local server.
Please note that samba-tool vampire
is deprecated,
please use samba-tool domain join
instead.
help
Gives usage information.