samba4 view domain computers

Posted on 2014-07-14
Last Modified: 2014-08-03
I can list Active Directory users with `samba-tool user list`, but how do I list the workstations that are members of the domain?
Question by: jmarkfoley

    Expert Comment

    by: Leon Fester
    This tool does not support that function.

    You can however query AD via any LDAP tool using a custom LDAP query:
    e.g. taken from the link below
    $ ldapsearch -x -h -b 'dc=myaddomain,dc=myinetdomain,dc=net' -s base -D '' -W '(objectclass=Computer)'

    Author Comment

    Thanks. I checked out the link, but not having much luck. Here are the instructions:

    Want to see all the computers in the domain?

     $ ldapsearch -x -h -b 'dc=myaddomain,dc=myinetdomain,dc=net' -s base -D  '' -W '(objectclass=Computer)'

    For my system, I modified this to

    $ ldapsearch -x -h -b 'dc=hprs,dc=local' -s base -D 'Administrator@hprs.local' -W '(objectclass=Computer)'

    and got:
    # extended LDIF
    # LDAPv3
    # base <dc=hprs,dc=local> with scope baseObject
    # filter: (objectclass=Computer)
    # requesting: ALL
    # search result
    search: 2
    result: 0 Success


    Are you familiar with ldapsearch usage? Can you see what I'm doing wrong?

    Expert Comment

    by: Leon Fester
    I'm not familiar with ldapsearch itself but LDAP queries are standard for all LDAP implementations.

    Interesting note I found about ldapsearch limitations:
    It is possible that LDAP returns no entries even when a proper bind_dn, password and base DN are provided. LDAP can be configured to prevent listing of entries starting at the root base, e.g. “dc=splunkers, dc=com”. In this case, you’ll have to provide a more specific base DN, for example:

    Author Comment

    This LDAP stuff is way over my head without a lot more research. What is a "more specific DN"? I'll probably have to get more into this in the future, but at the moment I don't even know what LDAP does other than the manpage statement "provides access to X.500 directory services". I'm way down the mountain on this one. I am currently trying to get Samba4 DC/AC set up and was just looking for a "simple" command to list computers that have joined the domain.

    Surely someone has a one-liner to do this?

    Accepted Solution

    I've checked a few websites and cannot find a one liner for this function other than to query AD via a LDAP tool.
    However, check out this post which seems to indicate that you can connect to the Samba AD via the Active Directory Users and Computers snap-in. This is the standard tool used in Windows to manage Active Directory.

    You'll need to install the RSAT tools on one of your Windows workstations.
    Windows 7

    Windows 8

    Regarding the LDAP:

    A more specific DN would include the Organizational Unit or Container from Active Directory.
    e.g. if you create a new Organizational Unit called 'Servers' on the root of AD, the DN would be:

    If your computers are in the Built-in Computer container then the DN would be:

    Author Comment

    Thanks - I think I'll move on and revisit this later.
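
Added example, not part of the original thread: the output posted above reports `scope baseObject`, and a base-scope search tests the filter only against the base entry itself, so `(objectclass=Computer)` cannot match anything below `dc=hprs,dc=local`. The sketch below runs a subtree search instead and extracts the machine names; the function names are hypothetical, the server URI and bind DN are placeholders, and the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. URI, bind DN and base DN are
# placeholders supplied by the caller.

# Subtree search for computer objects under the given base DN.
#   -s sub           descend the whole tree (-s base tests only the base entry)
#   -LLL             plain LDIF without comments or version line
#   -o ldif-wrap=no  keep each attribute on one line so it can be parsed
search_computers() {
    uri=$1 bind_dn=$2 base_dn=$3
    ldapsearch -x -H "$uri" -D "$bind_dn" -W -b "$base_dn" -s sub \
        -LLL -o ldif-wrap=no '(objectClass=computer)' sAMAccountName
}

# Extract machine names from LDIF on stdin. AD stores a computer account
# as sAMAccountName "NAME$"; the trailing "$" is dropped. Base64-encoded
# values ("sAMAccountName:: ...") are decoded first.
computer_names() {
    while IFS= read -r line; do
        case $line in
            "sAMAccountName:: "*) name=$(printf '%s' "${line#*:: }" | base64 -d) ;;
            "sAMAccountName: "*)  name=${line#*: } ;;
            *) continue ;;
        esac
        printf '%s\n' "${name%\$}"
    done | sort
}

# Constructed sample of subtree-search output (not real data).
SAMPLE_LDIF='dn: CN=WS02,CN=Computers,DC=hprs,DC=local
sAMAccountName: WS02$

dn: CN=DC1,OU=Domain Controllers,DC=hprs,DC=local
sAMAccountName:: REMxJA==

dn: CN=WS01,CN=Computers,DC=hprs,DC=local
sAMAccountName: WS01$
'

# Offline demonstration on the constructed sample.
printf '%s' "$SAMPLE_LDIF" | computer_names
```

Against a live directory the two functions are chained: `search_computers ldap://<dc-host> 'Administrator@hprs.local' 'dc=hprs,dc=local' | computer_names`, where `<dc-host>` is a placeholder for the domain controller.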
