302.3 Active Directory User Management (weight: 4)

Tech Tutorial: 302.3 Active Directory User Management #

Introduction #

This tutorial is designed to help system administrators and IT professionals understand how to manage user and group accounts on standalone servers and within a Samba-based Active Directory environment. Managing user accounts and permissions is crucial for maintaining the security and efficiency of your IT infrastructure.

In this guide, we’ll cover the necessary steps and commands to efficiently handle user and group accounts using different utilities, with a focus on Samba for Active Directory integration.

Key Knowledge Areas: #

  • User and group add/mod/del
  • User on standalone server
  • User in Samba Active Directory
  • Group on standalone server
  • Group in Samba Active Directory

Utilities: #

  • useradd, usermod, userdel
  • groupadd, groupmod, groupdel
  • samba-tool

Step-by-Step Guide #

Managing Users on a Standalone Server #

Adding a New User #

To add a new user in Linux, use the useradd command. Here’s how to add a user named jdoe:

sudo useradd jdoe

To set a password for the user, use the passwd command:

sudo passwd jdoe

Modifying a User #

To modify an existing user, for example changing the login name from jdoe to john_doe, use usermod:

sudo usermod -l john_doe jdoe

Deleting a User #

To delete a user, use the userdel command. To remove john_doe along with his home directory:

sudo userdel -r john_doe

Managing Groups on a Standalone Server #

Adding a New Group #

To add a new group named developers:

sudo groupadd developers

Modifying a Group #

To modify a group, for example to change the name from developers to dev_team:

sudo groupmod -n dev_team developers

Deleting a Group #

To delete the group dev_team:

sudo groupdel dev_team

Managing Users in Samba Active Directory #

Adding a New User #

To add a new user to the Samba AD, use samba-tool:

sudo samba-tool user add jdoe --given-name=John --surname=Doe --random-password

Modifying a User #

To modify an existing user in Samba AD, for example to change the user’s surname:

sudo samba-tool user edit jdoe

This command opens an editor to allow detailed modifications in the user’s attributes.

Deleting a User #

To delete a user from Samba AD:

sudo samba-tool user delete jdoe

Managing Groups in Samba Active Directory #

Adding a New Group #

To add a new group in Samba AD:

sudo samba-tool group add developers

Modifying a Group #

To modify a group in Samba AD:

sudo samba-tool group edit developers

This opens an editor for detailed modifications.

Deleting a Group #

To delete a group from Samba AD:

sudo samba-tool group delete developers

Conclusion #

In this tutorial, we covered how to manage users and groups on both standalone Linux servers and in a Samba-based Active Directory environment. Using the commands and procedures outlined, you can effectively manage your IT infrastructure’s user accounts and permissions. Regular management of user and group accounts ensures security and operational efficiency in an organization.

Feel free to experiment with the commands and tailor the parameters to fit the specific needs of your environment. Always ensure you have proper backups and restoration processes in place before making significant changes to your user and group settings.