# samba-tool group The `samba-tool group` command is a versatile utility within the Samba suite used to manage groups in a Samba Active Directory domain. It allows administrators to create, modify, delete, and query group information, making it an essential tool for managing group-based permissions and access control in mixed Windows/Unix environments. ## Overview `samba-tool group` helps administrators: * **Create and Delete Groups**: Add new groups to the domain or remove obsolete ones. * **Modify Group Attributes**: Change group properties such as descriptions or membership. * **List and Query Groups**: Retrieve information on groups, including listing all groups or showing details for a specific group. * **Manage Group Memberships**: Add or remove members from a group. ## Common Subcommands Below are some of the most frequently used subcommands with examples. ### 1. **add** * **Purpose**: Create a new group in the domain. * **Usage**: ```bash samba-tool group add ``` * **Example**: ```bash samba-tool group add Marketing ``` This command creates a new group called "Marketing". ### 2. **delete** * **Purpose**: Delete an existing group from the domain. * **Usage**: ```bash samba-tool group delete ``` * **Example**: ```bash samba-tool group delete OldGroup ``` This removes the group "OldGroup" from the domain. ### 3. **list** * **Purpose**: List all groups in the domain. * **Usage**: ```bash samba-tool group list ``` * **Example**: ```bash samba-tool group list ``` This command outputs a list of all groups defined in the domain. ### 4. **show** * **Purpose**: Display detailed information about a specific group. * **Usage**: ```bash samba-tool group show ``` * **Example**: ```bash samba-tool group show Marketing ``` This displays detailed attributes of the "Marketing" group, such as its SID and description. ### 5. **addmembers** * **Purpose**: Add one or more members to a group. * **Usage**: ```bash samba-tool group addmembers [ ...] ``` * **Example**: ```bash samba-tool group addmembers Marketing alice bob charlie ``` This command adds the users "alice", "bob", and "charlie" to the "Marketing" group. ### 6. **removemembers** * **Purpose**: Remove one or more members from a group. * **Usage**: ```bash samba-tool group removemembers [ ...] ``` * **Example**: ```bash samba-tool group removemembers Marketing alice ``` This removes "alice" from the "Marketing" group. ### 7. **rename** * **Purpose**: Rename an existing group. * **Usage**: ```bash samba-tool group rename ``` * **Example**: ```bash samba-tool group rename Marketing NewMarketing ``` This command renames the "Marketing" group to "NewMarketing". ## Practical Considerations * **Administrative Privileges**:\ Most operations require domain administrator credentials. Ensure you run these commands with appropriate privileges. * **Consistency and Auditing**:\ Regularly review group memberships using `samba-tool group list` and `samba-tool group show` to ensure that group policies and access controls remain consistent with your organizational needs. * **Scripting and Automation**:\ `samba-tool group` commands are scriptable, making it possible to automate common group management tasks in large deployments. ## Conclusion The `samba-tool group` command is an essential tool for managing group objects in a Samba Active Directory environment. With subcommands for adding, deleting, listing, modifying, and managing group memberships, it provides a comprehensive interface for administrators to maintain and secure group-based access control. By integrating these commands into your administrative routines, you can ensure that group policies are consistently applied and that your domain remains well-organized and secure. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://linux-tutorial-cli.gitbook.io/linux-cli-tutorial/txt-files/file-systems-cocepts/lpic3-300/samba-tool-group-including-relevant-subcommands.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.