docs-xml/manpages/samba-tool.8.xml

   1 <?xml version="1.0" encoding="iso-8859-1"?>
   2 <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
   3 <refentry id="samba-tool.8">
   4
   5 <refmeta>
   6         <refentrytitle>samba-tool</refentrytitle>
   7         <manvolnum>8</manvolnum>
   8         <refmiscinfo class="source">Samba</refmiscinfo>
   9         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
  10         <refmiscinfo class="version">&doc.version;</refmiscinfo>
  11 </refmeta>
  12
  13
  14 <refnamediv>
  15         <refname>samba-tool</refname>
  16         <refpurpose>Main Samba administration tool.
  17         </refpurpose>
  18 </refnamediv>
  19
  20 <refsynopsisdiv>
  21         <cmdsynopsis>
  22                 <command>samba-tool</command>
  23                 <arg choice="opt">-h</arg>
  24                 <arg choice="opt">-W myworkgroup</arg>
  25                 <arg choice="opt">-U user</arg>
  26                 <arg choice="opt">-d debuglevel</arg>
  27                 <arg choice="opt">--v</arg>
  28         </cmdsynopsis>
  29 </refsynopsisdiv>
  30
  31 <refsect1>
  32         <title>DESCRIPTION</title>
  33         <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
  34         <manvolnum>7</manvolnum></citerefentry> suite.</para>
  35 </refsect1>
  36
  37 <refsect1>
  38         <title>OPTIONS</title>
  39
  40         <variablelist>
  41
  42         <varlistentry>
  43         <term>-h|--help</term>
  44         <listitem><para>
  45         Show this help message and exit
  46         </para></listitem>
  47         </varlistentry>
  48
  49         <varlistentry>
  50         <term>--realm=REALM</term>
  51         <listitem><para>
  52         Set the realm name
  53         </para></listitem>
  54         </varlistentry>
  55
  56         <varlistentry>
  57         <term>--simple-bind-dn=DN</term>
  58         <listitem><para>
  59         DN to use for a simple bind
  60         </para></listitem>
  61         </varlistentry>
  62
  63         <varlistentry>
  64         <term>--password=PASSWORD</term>
  65         <listitem><para>
  66         Password
  67         </para></listitem>
  68         </varlistentry>
  69
  70         <varlistentry>
  71         <term>-U USERNAME|--username=USERNAME</term>
  72         <listitem><para>
  73         Username
  74         </para></listitem>
  75         </varlistentry>
  76
  77         <varlistentry>
  78         <term>-W WORKGROUP|--workgroup=WORKGROUP</term>
  79         <listitem><para>
  80         Workgroup
  81         </para></listitem>
  82         </varlistentry>
  83
  84         <varlistentry>
  85         <term>-N|--no-pass</term>
  86         <listitem><para>
  87         Don't ask for a password
  88         </para></listitem>
  89         </varlistentry>
  90
  91         <varlistentry>
  92         <term>-k KERBEROS|--kerberos=KERBEROS</term>
  93         <listitem><para>
  94         Use Kerberos
  95         </para></listitem>
  96         </varlistentry>
  97
  98         <varlistentry>
  99         <term>--ipaddress=IPADDRESS</term>
 100         <listitem><para>
 101         IP address of the server
 102         </para></listitem>
 103         </varlistentry>
 104
 105         &popt.common.samba.client;
 106
 107         </variablelist>
 108 </refsect1>
 109
 110 <refsect1>
 111 <title>COMMANDS</title>
 112
 113 <refsect3>
 114         <title>computer create <replaceable>computername</replaceable> [options]</title>
 115         <para>Create a new computer in the Active Directory Domain.</para>
 116         <para>The new computer name specified on the command is the
 117         sAMAccountName, with or without the trailing dollar sign.</para>
 118
 119         <variablelist>
 120         <varlistentry>
 121         <term>--computerou=COMPUTEROU</term>
 122         <listitem><para>
 123         DN of alternative location (with or without domainDN counterpart) to
 124         default CN=Computers in which new computer object will be created.
 125         E.g. 'OU=OUname'.
 126         </para></listitem>
 127         </varlistentry>
 128
 129         <varlistentry>
 130         <term>--description=DESCRIPTION</term>
 131         <listitem><para>
 132         The new computers's description.
 133         </para></listitem>
 134         </varlistentry>
 135
 136         <varlistentry>
 137         <term>--ip-address=IP_ADDRESS_LIST</term>
 138         <listitem><para>
 139         IPv4 address for the computer's A record, or IPv6 address for AAAA record,
 140         can be provided multiple times.
 141         </para></listitem>
 142         </varlistentry>
 143
 144         <varlistentry>
 145         <term>--service-principal-name=SERVICE_PRINCIPAL_NAME_LIST</term>
 146         <listitem><para>
 147         Computer's Service Principal Name, can be provided multiple times.
 148         </para></listitem>
 149         </varlistentry>
 150
 151         <varlistentry>
 152         <term>--prepare-oldjoin</term>
 153         <listitem><para>
 154         Prepare enabled machine account for oldjoin mechanism.
 155         </para></listitem>
 156         </varlistentry>
 157         </variablelist>
 158 </refsect3>
 159
 160 <refsect3>
 161         <title>computer delete <replaceable>computername</replaceable> [options]</title>
 162         <para>Delete an existing computer account.</para>
 163         <para>The computer name specified on the command is the
 164         sAMAccountName, with or without the trailing dollar sign.</para>
 165 </refsect3>
 166
 167 <refsect3>
 168         <title>computer list</title>
 169         <para>List all computers.</para>
 170 </refsect3>
 171
 172 <refsect3>
 173         <title>computer move <replaceable>computername</replaceable> <replaceable>new_parent_dn</replaceable> [options]</title>
 174         <para>This command moves a computer account into the specified
 175         organizational unit or container.</para>
 176         <para>The computername specified on the command is the
 177         sAMAccountName, with or without the trailing dollar sign.</para>
 178         <para>The name of the organizational unit or container can be
 179         specified as a full DN or without the domainDN component.</para>
 180 </refsect3>
 181
 182 <refsect3>
 183         <title>computer show <replaceable>computername</replaceable> [options]</title>
 184         <para>Display a computer AD object.</para>
 185         <para>The computer name specified on the command is the
 186         sAMAccountName, with or without the trailing dollar sign.</para>
 187
 188         <variablelist>
 189         <varlistentry>
 190         <term>--attributes=USER_ATTRS</term>
 191         <listitem><para>
 192         Comma separated list of attributes, which will be printed.
 193         </para></listitem>
 194         </varlistentry>
 195         </variablelist>
 196 </refsect3>
 197
 198 <refsect2>
 199         <title>dbcheck</title>
 200         <para>Check the local AD database for errors.</para>
 201 </refsect2>
 202
 203 <refsect2>
 204         <title>delegation</title>
 205         <para>Manage Delegations.</para>
 206 </refsect2>
 207
 208 <refsect3>
 209         <title>delegation add-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title>
 210         <para>Add a service principal as msDS-AllowedToDelegateTo.</para>
 211 </refsect3>
 212
 213 <refsect3>
 214         <title>delegation del-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title>
 215         <para>Delete a service principal as msDS-AllowedToDelegateTo.</para>
 216 </refsect3>
 217
 218 <refsect3>
 219         <title>delegation for-any-protocol <replaceable>accountname</replaceable> [(on|off)] [options]</title>
 220         <para>Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy)
 221         for an account.</para>
 222 </refsect3>
 223
 224 <refsect3>
 225         <title>delegation for-any-service <replaceable>accountname</replaceable> [(on|off)] [options]</title>
 226         <para>Set/unset UF_TRUSTED_FOR_DELEGATION for an account.</para>
 227 </refsect3>
 228
 229 <refsect3>
 230         <title>delegation show <replaceable>accountname</replaceable> [options] </title>
 231         <para>Show the delegation setting of an account.</para>
 232 </refsect3>
 233
 234 <refsect2>
 235         <title>dns</title>
 236         <para>Manage Domain Name Service (DNS).</para>
 237 </refsect2>
 238
 239 <refsect3>
 240         <title>dns add <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title>
 241         <para>Add a DNS record.</para>
 242 </refsect3>
 243
 244 <refsect3>
 245         <title>dns delete <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title>
 246         <para>Delete a DNS record.</para>
 247 </refsect3>
 248
 249 <refsect3>
 250         <title>dns query <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT|ALL</replaceable> [options] <replaceable>data</replaceable></title>
 251         <para>Query a name.</para>
 252 </refsect3>
 253
 254 <refsect3>
 255         <title>dns roothints <replaceable>server</replaceable> [<replaceable>name</replaceable>] [options]</title>
 256         <para>Query root hints.</para>
 257 </refsect3>
 258
 259 <refsect3>
 260         <title>dns serverinfo <replaceable>server</replaceable> [options]</title>
 261         <para>Query server information.</para>
 262 </refsect3>
 263
 264 <refsect3>
 265         <title>dns update <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>olddata</replaceable> <replaceable>newdata</replaceable></title>
 266         <para>Update a DNS record.</para>
 267 </refsect3>
 268
 269 <refsect3>
 270         <title>dns zonecreate <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
 271         <para>Create a zone.</para>
 272 </refsect3>
 273
 274 <refsect3>
 275         <title>dns zonedelete <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
 276         <para>Delete a zone.</para>
 277 </refsect3>
 278
 279 <refsect3>
 280         <title>dns zoneinfo <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
 281         <para>Query zone information.</para>
 282 </refsect3>
 283
 284 <refsect3>
 285         <title>dns zonelist <replaceable>server</replaceable> [options]</title>
 286         <para>List zones.</para>
 287 </refsect3>
 288
 289 <refsect2>
 290         <title>domain</title>
 291         <para>Manage Domain.</para>
 292 </refsect2>
 293
 294 <refsect3>
 295         <title>domain classicupgrade [options] <replaceable>classic_smb_conf</replaceable></title>
 296         <para>Upgrade from Samba classic (NT4-like) database to Samba AD DC
 297         database.</para>
 298 </refsect3>
 299
 300 <refsect3>
 301         <title>domain dcpromo <replaceable>dnsdomain</replaceable> [DC|RODC] [options]</title>
 302         <para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
 303 </refsect3>
 304
 305 <refsect3>
 306         <title>domain demote</title>
 307         <para>Demote ourselves from the role of domain controller.</para>
 308 </refsect3>
 309
 310 <refsect3>
 311         <title>domain exportkeytab <replaceable>keytab</replaceable> [options]</title>
 312         <para>Dumps Kerberos keys of the domain into a keytab.</para>
 313 </refsect3>
 314
 315 <refsect3>
 316         <title>domain info <replaceable>ip_address</replaceable> [options]</title>
 317         <para>Print basic info about a domain and the specified DC.
 318 </para>
 319 </refsect3>
 320
 321 <refsect3>
 322         <title>domain join <replaceable>dnsdomain</replaceable> [DC|RODC|MEMBER|SUBDOMAIN] [options]</title>
 323         <para>Join a domain as either member or backup domain controller.</para>
 324 </refsect3>
 325
 326 <refsect3>
 327         <title>domain level <replaceable>show|raise</replaceable> <replaceable>options</replaceable> [options]</title>
 328         <para>Show/raise domain and forest function levels.</para>
 329 </refsect3>
 330
 331 <refsect3>
 332         <title>domain passwordsettings <replaceable>show|set</replaceable> <replaceable>options</replaceable> [options]</title>
 333         <para>Show/set password settings.</para>
 334 </refsect3>
 335
 336 <refsect3>
 337         <title>domain provision</title>
 338         <para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
 339 </refsect3>
 340
 341 <refsect3>
 342         <title>domain trust</title>
 343         <para>Domain and forest trust management.</para>
 344 </refsect3>
 345
 346 <refsect3>
 347         <title>domain trust create <replaceable>DOMAIN</replaceable> <replaceable>options</replaceable> [options]</title>
 348         <para>Create a domain or forest trust.</para>
 349 </refsect3>
 350
 351 <refsect3>
 352         <title>domain trust delete <replaceable>DOMAIN</replaceable> <replaceable>options</replaceable> [options]</title>
 353         <para>Delete a domain trust.</para>
 354 </refsect3>
 355
 356 <refsect3>
 357         <title>domain trust list <replaceable>options</replaceable> [options]</title>
 358         <para>List domain trusts.</para>
 359 </refsect3>
 360
 361 <refsect3>
 362         <title>domain trust namespaces [<replaceable>DOMAIN</replaceable>] <replaceable>options</replaceable> [options]</title>
 363         <para>Manage forest trust namespaces.</para>
 364 </refsect3>
 365
 366 <refsect3>
 367         <title>domain trust show <replaceable>DOMAIN</replaceable> <replaceable>options</replaceable> [options]</title>
 368         <para>Show trusted domain details.</para>
 369 </refsect3>
 370
 371 <refsect3>
 372         <title>domain trust validate <replaceable>DOMAIN</replaceable> <replaceable>options</replaceable> [options]</title>
 373         <para>Validate a domain trust.</para>
 374 </refsect3>
 375
 376 <refsect2>
 377         <title>drs</title>
 378         <para>Manage Directory Replication Services (DRS).</para>
 379 </refsect2>
 380
 381 <refsect3>
 382         <title>drs bind</title>
 383         <para>Show DRS capabilities of a server.</para>
 384 </refsect3>
 385
 386 <refsect3>
 387         <title>drs kcc</title>
 388         <para>Trigger knowledge consistency center run.</para>
 389 </refsect3>
 390
 391 <refsect3>
 392         <title>drs options</title>
 393         <para>Query or change <replaceable>options</replaceable> for NTDS Settings
 394         object of a domain controller.</para>
 395 </refsect3>
 396
 397 <refsect3>
 398         <title>drs replicate <replaceable>destination_DC</replaceable> <replaceable>source_DC</replaceable> <replaceable>NC</replaceable> [options]</title>
 399         <para>Replicate a naming context between two DCs.</para>
 400 </refsect3>
 401
 402 <refsect3>
 403         <title>drs showrepl</title>
 404         <para>Show replication status.</para>
 405 </refsect3>
 406
 407 <refsect2>
 408         <title>dsacl</title>
 409         <para>Administer DS ACLs</para>
 410 </refsect2>
 411
 412 <refsect3>
 413         <title>dsacl set</title>
 414         <para>Modify access list on a directory object.</para>
 415 </refsect3>
 416
 417 <refsect2>
 418         <title>fsmo</title>
 419         <para>Manage Flexible Single Master Operations (FSMO).</para>
 420 </refsect2>
 421
 422 <refsect3>
 423         <title>fsmo seize [options]</title>
 424         <para>Seize the role.</para>
 425 </refsect3>
 426
 427 <refsect3>
 428         <title>fsmo show</title>
 429         <para>Show the roles.</para>
 430 </refsect3>
 431
 432 <refsect3>
 433         <title>fsmo transfer [options]</title>
 434         <para>Transfer the role.</para>
 435 </refsect3>
 436
 437 <refsect2>
 438         <title>gpo</title>
 439         <para>Manage Group Policy Objects (GPO).</para>
 440 </refsect2>
 441
 442 <refsect3>
 443         <title>gpo create <replaceable>displayname</replaceable> [options]</title>
 444         <para>Create an empty GPO.</para>
 445 </refsect3>
 446
 447 <refsect3>
 448         <title>gpo del <replaceable>gpo</replaceable> [options]</title>
 449         <para>Delete GPO.</para>
 450 </refsect3>
 451
 452 <refsect3>
 453         <title>gpo dellink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title>
 454         <para>Delete GPO link from a container.</para>
 455 </refsect3>
 456
 457 <refsect3>
 458         <title>gpo fetch <replaceable>gpo</replaceable> [options]</title>
 459         <para>Download a GPO.</para>
 460 </refsect3>
 461
 462 <refsect3>
 463         <title>gpo getinheritance <replaceable>container_dn</replaceable> [options]</title>
 464         <para>Get inheritance flag for a container.</para>
 465 </refsect3>
 466
 467 <refsect3>
 468         <title>gpo getlink <replaceable>container_dn</replaceable> [options]</title>
 469         <para>List GPO Links for a container.</para>
 470 </refsect3>
 471
 472 <refsect3>
 473         <title>gpo list <replaceable>username</replaceable> [options]</title>
 474         <para>List GPOs for an account.</para>
 475 </refsect3>
 476
 477 <refsect3>
 478         <title>gpo listall</title>
 479         <para>List all GPOs.</para>
 480 </refsect3>
 481
 482 <refsect3>
 483         <title>gpo listcontainers <replaceable>gpo</replaceable> [options]</title>
 484         <para>List all linked containers for a GPO.</para>
 485 </refsect3>
 486
 487 <refsect3>
 488         <title>gpo setinheritance <replaceable>container_dn</replaceable> <replaceable>block|inherit</replaceable> [options]</title>
 489         <para>Set inheritance flag on a container.</para>
 490 </refsect3>
 491
 492 <refsect3>
 493         <title>gpo setlink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title>
 494         <para>Add or Update a GPO link to a container.</para>
 495 </refsect3>
 496
 497 <refsect3>
 498         <title>gpo show <replaceable>gpo</replaceable> [options]</title>
 499         <para>Show information for a GPO.</para>
 500 </refsect3>
 501
 502 <refsect2>
 503         <title>group</title>
 504         <para>Manage groups.</para>
 505 </refsect2>
 506
 507 <refsect3>
 508         <title>group add <replaceable>groupname</replaceable> [options]</title>
 509         <para>Create a new AD group.</para>
 510 </refsect3>
 511
 512 <refsect3>
 513         <title>group addmembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title>
 514         <para>Add members to an AD group.</para>
 515 </refsect3>
 516
 517 <refsect3>
 518         <title>group delete <replaceable>groupname</replaceable> [options]</title>
 519         <para>Delete an AD group.</para>
 520 </refsect3>
 521
 522 <refsect3>
 523         <title>group list</title>
 524         <para>List all groups.</para>
 525 </refsect3>
 526
 527 <refsect3>
 528         <title>group listmembers <replaceable>groupname</replaceable> [options]</title>
 529         <para>List all members of the specified AD group.</para>
 530 </refsect3>
 531
 532 <refsect3>
 533         <title>group move <replaceable>groupname</replaceable> <replaceable>new_parent_dn</replaceable> [options]</title>
 534         <para>This command moves a group into the specified organizational unit
 535         or container.</para>
 536         <para>The groupname specified on the command is the sAMAccountName.
 537         </para>
 538         <para>The name of the organizational unit or container can be
 539         specified as a full DN or without the domainDN component.</para>
 540         <para></para>
 541 </refsect3>
 542
 543 <refsect3>
 544         <title>group removemembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title>
 545         <para>Remove members from the specified AD group.</para>
 546 </refsect3>
 547
 548 <refsect2>
 549         <title>ldapcmp <replaceable>URL1</replaceable> <replaceable>URL2</replaceable> <replaceable>domain|configuration|schema|dnsdomain|dnsforest</replaceable> [options] </title>
 550         <para>Compare two LDAP databases.</para>
 551 </refsect2>
 552
 553 <refsect2>
 554         <title>ntacl</title>
 555         <para>Manage NT ACLs.</para>
 556 </refsect2>
 557
 558 <refsect3>
 559         <title>ntacl get <replaceable>file</replaceable> [options]</title>
 560         <para>Get ACLs on a file.</para>
 561 </refsect3>
 562
 563 <refsect3>
 564         <title>ntacl set <replaceable>acl</replaceable> <replaceable>file</replaceable> [options]</title>
 565         <para>Set ACLs on a file.</para>
 566 </refsect3>
 567
 568 <refsect3>
 569         <title>ntacl sysvolcheck</title>
 570         <para>Check sysvol ACLs match defaults (including correct ACLs on GPOs).</para>
 571 </refsect3>
 572
 573 <refsect3>
 574         <title>ntacl sysvolreset</title>
 575         <para>Reset sysvol ACLs to defaults (including correct ACLs on GPOs).</para>
 576 </refsect3>
 577
 578 <refsect3>
 579         <title>ou create <replaceable>ou_dn</replaceable> [options]</title>
 580         <para>Create an organizational unit.</para>
 581         <para>The name of the organizational unit can be specified as a full DN
 582         or without the domainDN component.</para>
 583
 584         <variablelist>
 585         <varlistentry>
 586         <term>--description=DESCRIPTION</term>
 587         <listitem><para>
 588         Specify OU's description.
 589         </para></listitem>
 590         </varlistentry>
 591         </variablelist>
 592 </refsect3>
 593
 594 <refsect3>
 595         <title>ou delete <replaceable>ou_dn</replaceable> [options]</title>
 596         <para>Delete an organizational unit.</para>
 597         <para>The name of the organizational unit can be specified as a full DN
 598         or without the domainDN component.</para>
 599
 600         <variablelist>
 601         <varlistentry>
 602         <term>--force-subtree-delete</term>
 603         <listitem><para>
 604         Delete organizational unit and all children reclusively.
 605         </para></listitem>
 606         </varlistentry>
 607         </variablelist>
 608 </refsect3>
 609
 610 <refsect3>
 611         <title>ou list [options]</title>
 612         <para>List all organizational units.</para>
 613         <variablelist>
 614         <varlistentry>
 615         <term>--full-dn</term>
 616         <listitem><para>
 617         Display DNs including the base DN.
 618         </para></listitem>
 619         </varlistentry>
 620         </variablelist>
 621 </refsect3>
 622
 623 <refsect3>
 624         <title>ou listobjects <replaceable>ou_dn</replaceable> [options]</title>
 625         <para>List all objects in an organizational unit.</para>
 626         <para>The name of the organizational unit can be specified as a full DN
 627         or without the domainDN component.</para>
 628
 629         <variablelist>
 630         <varlistentry>
 631         <term>--full-dn</term>
 632         <listitem><para>
 633         Display DNs including the base DN.
 634         </para></listitem>
 635         </varlistentry>
 636
 637         <varlistentry>
 638         <term>-r|--recursive</term>
 639         <listitem><para>
 640         List objects recursively.
 641         </para></listitem>
 642         </varlistentry>
 643         </variablelist>
 644 </refsect3>
 645
 646 <refsect3>
 647         <title>ou move <replaceable>old_ou_dn</replaceable> <replaceable>new_parent_dn</replaceable> [options]</title>
 648         <para>Move an organizational unit.</para>
 649         <para>The name of the organizational units can be specified as a full DN
 650         or without the domainDN component.</para>
 651 </refsect3>
 652
 653 <refsect3>
 654         <title>ou rename <replaceable>old_ou_dn</replaceable> <replaceable>new_ou_dn</replaceable> [options]</title>
 655         <para>Rename an organizational unit.</para>
 656         <para>The name of the organizational units can be specified as a full DN
 657         or without the domainDN component.</para>
 658 </refsect3>
 659
 660 <refsect2>
 661         <title>rodc</title>
 662         <para>Manage Read-Only Domain Controller (RODC).</para>
 663 </refsect2>
 664
 665 <refsect3>
 666         <title>rodc preload <replaceable>SID</replaceable>|<replaceable>DN</replaceable>|<replaceable>accountname</replaceable> [options]</title>
 667         <para>Preload one account for an RODC.</para>
 668 </refsect3>
 669
 670 <refsect2>
 671         <title>sites</title>
 672         <para>Manage sites.</para>
 673 </refsect2>
 674
 675 <refsect3>
 676         <title>sites create <replaceable>site</replaceable> [options]</title>
 677         <para>Create a new site.</para>
 678 </refsect3>
 679
 680 <refsect3>
 681         <title>sites remove <replaceable>site</replaceable> [options]</title>
 682         <para>Delete an existing site.</para>
 683 </refsect3>
 684
 685 <refsect2>
 686         <title>spn</title>
 687         <para>Manage Service Principal Names (SPN).</para>
 688 </refsect2>
 689
 690 <refsect3>
 691         <title>spn add <replaceable>name</replaceable> <replaceable>user</replaceable> [options]</title>
 692         <para>Create a new SPN.</para>
 693 </refsect3>
 694
 695 <refsect3>
 696         <title>spn delete <replaceable>name</replaceable> [<replaceable>user</replaceable>] [options]</title>
 697         <para>Delete an existing SPN.</para>
 698 </refsect3>
 699
 700 <refsect3>
 701         <title>spn list <replaceable>user</replaceable> [options]</title>
 702         <para>List SPNs of a given user.</para>
 703 </refsect3>
 704
 705 <refsect2>
 706         <title>testparm</title>
 707         <para>Check the syntax of the configuration file.</para>
 708 </refsect2>
 709
 710 <refsect2>
 711         <title>time</title>
 712         <para>Retrieve the time on a server.</para>
 713 </refsect2>
 714
 715 <refsect2>
 716         <title>user</title>
 717         <para>Manage users.</para>
 718 </refsect2>
 719
 720 <refsect3>
 721         <title>user add <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title>
 722         <para>Create a new user. Please note that this subcommand is deprecated
 723         and available for compatibility reasons only. Please use
 724         <command>samba-tool user create</command> instead.</para>
 725 </refsect3>
 726
 727 <refsect3>
 728         <title>user create <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title>
 729         <para>Create a new user in the Active Directory Domain.</para>
 730 </refsect3>
 731
 732 <refsect3>
 733         <title>user delete <replaceable>username</replaceable> [options]</title>
 734         <para>Delete an existing user account.</para>
 735 </refsect3>
 736
 737 <refsect3>
 738         <title>user disable <replaceable>username</replaceable></title>
 739         <para>Disable an user account.</para>
 740 </refsect3>
 741
 742 <refsect3>
 743         <title>user enable <replaceable>username</replaceable></title>
 744         <para>Enable an user account.</para>
 745 </refsect3>
 746
 747 <refsect3>
 748         <title>user list</title>
 749         <para>List all users.</para>
 750 </refsect3>
 751
 752 <refsect3>
 753         <title>user show <replaceable>username</replaceable> [options]</title>
 754         <para>Display a user AD object.</para>
 755
 756         <variablelist>
 757         <varlistentry>
 758         <term>--attributes=USER_ATTRS</term>
 759         <listitem><para>
 760         Comma separated list of attributes, which will be printed.
 761         </para></listitem>
 762         </varlistentry>
 763         </variablelist>
 764 </refsect3>
 765
 766 <refsect3>
 767         <title>user move <replaceable>username</replaceable> <replaceable>new_parent_dn</replaceable> [options]</title>
 768         <para>This command moves a user account into the specified
 769         organizational unit or container.</para>
 770         <para>The username specified on the command is the
 771         sAMAccountName.</para>
 772         <para>The name of the organizational unit or container can be
 773         specified as a full DN or without the domainDN component.</para>
 774 </refsect3>
 775
 776 <refsect3>
 777         <title>user password [options]</title>
 778         <para>Change password for an user account (the one provided in
 779         authentication).</para>
 780 </refsect3>
 781
 782 <refsect3>
 783         <title>user setexpiry <replaceable>username</replaceable> [options]</title>
 784         <para>Set the expiration of an user account.</para>
 785 </refsect3>
 786
 787 <refsect3>
 788         <title>user setpassword <replaceable>username</replaceable> [options]</title>
 789         <para>Sets or resets the password of an user account.</para>
 790 </refsect3>
 791
 792 <refsect3>
 793         <title>user getpassword <replaceable>username</replaceable> [options]</title>
 794         <para>Gets the password of an user account.</para>
 795 </refsect3>
 796
 797 <refsect3>
 798         <title>user syncpasswords <replaceable>--cache-ldb-initialize</replaceable> [options]</title>
 799         <para>Syncs the passwords of all user accounts, using an optional script.</para>
 800         <para>Note that this command should run on a single domain controller only
 801         (typically the PDC-emulator).</para>
 802 </refsect3>
 803
 804 <refsect2>
 805         <title>vampire [options] <replaceable>domain</replaceable></title>
 806         <para>Join and synchronise a remote AD domain to the local server.
 807         Please note that <command>samba-tool vampire</command> is deprecated,
 808         please use <command>samba-tool domain join</command> instead.</para>
 809 </refsect2>
 810
 811 <refsect2>
 812         <title>visualize [options] <replaceable>subcommand</replaceable></title>
 813         <para>Produce graphical representations of Samba network state.
 814         To work out what is happening in a replication graph, it is sometimes
 815         helpful to use visualisations.</para>
 816
 817         <para>
 818         There are two subcommands, two graphical modes, and (roughly) two modes
 819         of operation with respect to the location of authority.</para>
 820
 821         <refsect3><title>MODES OF OPERATION</title>
 822         <varlistentry>
 823                 <term>samba-tool visualize ntdsconn</term>
 824                 <listitem><para>Looks at NTDS connections.
 825                 </para></listitem>
 826                 </varlistentry>
 827
 828         <varlistentry>
 829                 <term>samba-tool visualize reps</term>
 830                 <listitem><para>Looks at repsTo and repsFrom objects.
 831                 </para></listitem>
 832                 </varlistentry>
 833         </refsect3>
 834
 835         <refsect3><title>GRAPHICAL MODES</title>
 836         <varlistentry>
 837                 <term>--distance</term>
 838                 <listitem><para>Distances between DCs are shown in a matrix in
 839                  the terminal.
 840                 </para></listitem>
 841                 </varlistentry>
 842
 843         <varlistentry>
 844                 <term>--dot</term>
 845                 <listitem><para>Generate Graphviz dot output. When viewed using
 846                 dot or xdot, this shows the network as a graph with DCs as
 847                 vertices and connections edges. Certain types of degenerate
 848                 edges are shown in different colours or line-styles.
 849                 </para></listitem>
 850                 </varlistentry>
 851         </refsect3>
 852
 853         <varlistentry>
 854                 <term>-r</term>
 855                 <listitem><para>Normally, <command>samba-tool</command> talks
 856                 to one database; with the <arg choice="opt">-r</arg> option
 857                 attempts are made to contact all the DCs known to the first
 858                 database. This is necessary to get sensible results from
 859                 <command>samba-tool visualize reps</command> because the
 860                 repsFrom/To objects are not replicated, and it can reveal
 861                 replication issues in other modes.
 862                 </para></listitem>
 863                 </varlistentry>
 864 </refsect2>
 865
 866 <refsect2>
 867 <title>help</title>
 868 <para>Gives usage information.</para>
 869 </refsect2>
 870
 871 </refsect1>
 872
 873 <refsect1>
 874         <title>VERSION</title>
 875
 876         <para>This man page is complete for version &doc.version; of the Samba
 877         suite.</para>
 878 </refsect1>
 879
 880 <refsect1>
 881         <title>AUTHOR</title>
 882
 883         <para>The original Samba software and related utilities
 884         were created by Andrew Tridgell. Samba is now developed
 885         by the Samba Team as an Open Source project similar
 886         to the way the Linux kernel is developed.</para>
 887 </refsect1>
 888
 889 </refentry>