samba-tool - Main Samba administration tool.
[-h] [-W myworkgroup] [-U user] [-d debuglevel]
This tool is part of the samba(7)
Show this help message and exit
Set the realm name
DN to use for a simple bind
Don't ask for a password
IP address of the server
is an integer from 0 to 10. The
default value if this parameter is not specified is 1.
The higher this value, the more detail will be logged to the log files about the
activities of the server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for day-to-day running
- it generates a small amount of information about operations carried out.
Levels above 1 will generate considerable amounts of log data, and should only
be used when investigating a problem. Levels above 3 are designed for use only
by developers and generate HUGE amounts of log data, most of which is
Note that specifying this parameter here will override the log level
parameter in the smb.conf file.
Prints the program version number.
The file specified contains the configuration
details required by the server. The information in this file includes
server-specific information such as what printcap file to use, as well as
descriptions of all the services that the server is to provide. See smb.conf
for more information. The default configuration file name is determined at
Base directory name for log/debug files. The
extension ".progname" will be appended (e.g. log.smbclient,
log.smbd, etc...). The log file is never removed by the client.
Set the smb.conf(5)
"<name>" to value "<value>" from the command
line. This overrides compiled-in defaults and options read from the
Check the local AD database for errors.
Add a service principal as msDS-AllowedToDelegateTo.
Delete a service principal as msDS-AllowedToDelegateTo.
Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account.
Set/unset UF_TRUSTED_FOR_DELEGATION for an account.
Show the delegation setting of an account.
Manage Domain Name Service (DNS).
Add a DNS record.
Delete a DNS record.
Query a name.
Query root hints.
Query server information.
Update a DNS record.
Create a zone.
Delete a zone.
Query zone information.
Upgrade from Samba classic (NT4-like) database to Samba AD DC database.
Promote an existing domain member or NT4 PDC to an AD DC.
Demote ourselves from the role of domain controller.
Dumps Kerberos keys of the domain into a keytab.
Print basic info about a domain and the specified DC.
Join a domain as either member or backup domain controller.
Show/raise domain and forest function levels.
Show/set password settings.
Promote an existing domain member or NT4 PDC to an AD DC.
Domain and forest trust management.
Create a domain or forest trust.
Delete a domain trust.
List domain trusts.
Manage forest trust namespaces.
Show trusted domain details.
Validate a domain trust.
Manage Directory Replication Services (DRS).
Show DRS capabilities of a server.
Trigger knowledge consistency center run.
Query or change options
for NTDS Settings object of a domain controller.
Replicate a naming context between two DCs.
Show replication status.
Administer DS ACLs
Modify access list on a directory object.
Manage Flexible Single Master Operations (FSMO).
Seize the role.
Show the roles.
Transfer the role.
Manage Group Policy Objects (GPO).
Create an empty GPO.
Delete GPO link from a container.
Download a GPO.
Get inheritance flag for a container.
List GPO Links for a container.
List GPOs for an account.
List all GPOs.
List all linked containers for a GPO.
Set inheritance flag on a container.
Add or Update a GPO link to a container.
Show information for a GPO.
Create a new AD group.
Add members to an AD group.
Delete an AD group.
List all groups.
List all members of the specified AD group.
Remove members from the specified AD group.
Compare two LDAP databases.
Manage NT ACLs.
Get ACLs on a file.
Set ACLs on a file.
Check sysvol ACLs match defaults (including correct ACLs on GPOs).
Reset sysvol ACLs to defaults (including correct ACLs on GPOs).
Manage Read-Only Domain Controller (RODC).
Preload one account for an RODC.
Create a new site.
Delete an existing site.
Manage Service Principal Names (SPN).
Create a new SPN.
Delete an existing SPN.
List SPNs of a given user.
Check the syntax of the configuration file.
Retrieve the time on a server.
Create a new user. Please note that this subcommand is deprecated and available
for compatibility reasons only. Please use samba-tool user create instead.
Create a new user in the Active Directory Domain.
Delete an existing user account.
Disable an user account.
Enable an user account.
List all users.
Change password for an user account (the one provided in authentication).
Set the expiration of an user account.
Sets or resets the password of an user account.
Gets the password of an user account.
Syncs the passwords of all user accounts, using an optional script.
Note that this command should run on a single domain controller only (typically
Join and synchronise a remote AD domain to the local server. Please note that
samba-tool vampire is deprecated, please use samba-tool domain join instead.
Produce graphical representations of Samba network state. To work out what is
happening in a replication graph, it is sometimes helpful to use
There are two subcommands, two graphical modes, and (roughly) two modes of
operation with respect to the location of authority.
samba-tool visualize ntdsconn
Looks at NTDS connections.
samba-tool visualize reps
Looks at repsTo and repsFrom objects.
Distances between DCs are shown in a matrix in
Generate Graphviz dot output. When viewed
using dot or xdot, this shows the network as a graph with DCs as vertices and
connections edges. Certain types of degenerate edges are shown in different
colours or line-styles.
Normally, samba-tool talks to one database;
with the [-r] option attempts are made to contact all the DCs known to the
first database. This is necessary to get sensible results from samba-tool
visualize reps because the repsFrom/To objects are not replicated, and it can
reveal replication issues in other modes.
Gives usage information.
This man page is complete for version 4.8.3 of the Samba suite.
The original Samba software and related utilities were created by Andrew
Tridgell. Samba is now developed by the Samba Team as an Open Source project
similar to the way the Linux kernel is developed.