Last week I found a truly excellent tool for adding, modifying and managing users in Active Directory from Linux. It’s in Ubuntu:

sudo aptitude install adtool

For a better guide to setting it up, Vide has a great one over at his site.

One thing that got me though, you have to make sure your /etc/ldap/ldap.conf file is set up correctly, which should have been obvious but it stumped me for a while (necessary to allow setting passwords etc.)

Make sure you have the following in your config:

BASE    dc=ad-servername,dc=example,dc=com
URI     ldaps://ad-servername.example.com
TLS_REQCERT allow

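With TLS_REQCERT allow the client still requests the SSL certificate from the server, but carries on with the session even if that certificate cannot be verified, so the server’s identity is not actually checked. Otherwise you’ll get an error like this: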

bind: : Can’t contact LDAP server (-1)

And hey presto you can avoid using MMC to manage users. 🙂 And if you combine it with wmic ….. happy days !
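
To see where a given ldap.conf stands on certificate checking, here is an added example (not part of the original post or of adtool) that classifies a config file by its URI and TLS_REQCERT/TLS_CACERT settings. The function names `ldap_opt` and `check_ldap_conf` are made up for this sketch, and it only reads the one file it is given, not ~/.ldaprc or LDAPTLS_* environment variables. A config that points TLS_CACERT at the AD CA certificate and uses TLS_REQCERT demand comes out as "verified".

```shell
#!/bin/sh
# Added example (not from the original post): classify an OpenLDAP client
# config by how strictly it checks the LDAPS server certificate.

# Value of the last uncommented occurrence of an option (names are
# case-insensitive in ldap.conf).
ldap_opt() {  # usage: ldap_opt FILE OPTION
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { print val }
    ' "$1"
}

# Prints one of:
#   plaintext  - URI is not ldaps://
#   unverified - TLS is on, but a bad server certificate is ignored
#   no-ca      - verification is enforced, but this file names no CA
#   verified   - ldaps:// with an enforcing TLS_REQCERT and an explicit CA
check_ldap_conf() {
    uri=$(ldap_opt "$1" URI)
    reqcert=$(ldap_opt "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    ca=$(ldap_opt "$1" TLS_CACERT)$(ldap_opt "$1" TLS_CACERTDIR)

    case $uri in
        ldaps://*) ;;
        *) echo plaintext; return ;;
    esac
    # OpenLDAP treats a missing TLS_REQCERT as "demand".
    case ${reqcert:-demand} in
        never|allow) echo unverified; return ;;
    esac
    if [ -z "$ca" ]; then echo no-ca; else echo verified; fi
}

# Constructed sample: the three settings from the post.
sample=$(mktemp)
printf '%s\n' \
    'BASE    dc=ad-servername,dc=example,dc=com' \
    'URI     ldaps://ad-servername.example.com' \
    'TLS_REQCERT allow' > "$sample"
echo "post's settings: $(check_ldap_conf "$sample")"
rm -f "$sample"
```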
