samba-tool -h

Usage: samba-tool <subcommand>

Main samba administration tool.


Options:
  -h, --help       show this help message and exit

  Version Options:
    -V, --version  Display version number


Available subcommands:
  computer    - Computer management.
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  forest      - Forest management.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  ou          - Organizational Units (OU) management
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  schema      - Schema querying and management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
  visualize   - Produces graphical representations of Samba network state
For more help on a specific subcommand, please type: samba-tool <subcommand> (-h|--help)

samba-tool domain level show
Domain and forest function level for domain 'DC=computerclub,DC=lan'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

samba-tool user create user3
New Password:
Retype Password:
User 'user3' created successfully

samba-tool user add -h

sudo samba-tool user create User2 passw2rd --given-name=Jane --surname=Doe
--userou='OU=OrgUnit' --must-change-at-next-login

samba-tool user list
myuser
krbtgt_9385
user4
user2
krbtgt_35189
ordinatous
Administrator
dns-srvads2
Guest
user3
dns-srvads
krbtgt

❯ samba-tool group list
DnsUpdateProxy
Cryptographic Operators
Pre-Windows 2000 Compatible Access
Administrators
Performance Monitor Users
Domain Admins
Guests
ordi_eleve

samba-tool group listmembers "Read-only Domain Controllers"
SRVRODC$
❯ samba-tool group listmembers "Domain Controllers"
SRVADS2$
SRVADS$
❯ samba-tool group listmembers "Domain Admins"
ordinatous
Administrator

samba-tool user setpassword your_domain_user

samba-tool user disable your_domain_user
samba-tool user enable your_domain_user

samba-tool visualize ntdsconn

NTDS Connections known to CN=SRVADS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=computerclub,DC=lan

destination
  ,--- CN=NTDS Settings,CN=SRVADS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=computerclub,DC=lan
  |,-- CN=NTDS Settings,CN=SRVADS2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=computerclub,DC=lan
source ||,- CN=NTDS Settings,CN=SRVRODC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=computerclub,DC=lan
CN=NTDS Settings,CN=SRVADS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=computerclub,DC=lan 011
CN=NTDS Settings,CN=SRVADS2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=computerclub,DC=lan 102
CN=NTDS Settings,CN=SRVRODC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=computerclub,DC=lan --0

Data can get from source to destination in the indicated number of steps.
0 means zero steps (it is the same DC)
1 means a direct link
2 means a transitive link involving two steps (i.e. one intermediate DC)
- means there is no connection, even through other DCs