Command-Line Interface
Synopsis
adman [-h] [-c CONFIG] [-v] [--version]
[--loglevel LEVEL]
COMMAND ...
- Global Options:
- -h, --help
Show help message and exit
- --version
Show ADMan version and exit
- --loglevel LEVEL
Set the logging level (default: WARNING)
Options: DEBUG,INFO,WARNING,ERROR,CRITICAL
- -c CONFIG, --config CONFIG
Alternate path to config file
- -v, --verbose
Show verbose output
Commands
Command |
Description |
---|---|
Top-level commands |
|
Perform all automated maintenance (assign IDs, UPNs) |
|
Assign all missing |
|
Clear all |
|
Execute a command in Kerberos context |
|
Find stale accounts and report/disable per config |
|
computer |
Computer sub-commands |
Assign missing |
|
List computers |
|
group |
Group sub-commands |
Assign missing |
|
List groups |
|
state |
State sub-commands |
List state information |
|
Initialize state information |
|
user |
User sub-commands |
Assign missing |
|
Check for expiring/expired passwords |
|
Set |
|
List users |
|
Make user directories |
Top-level commands
allmaint
Shortcut command which runs all* automated maintenance commands:
assignids
Shortcut command which runs the following ID number assignment commands:
computer assign (if configured)
clearids
This command will clear all *idNumber
attributes for the configured:
Group
gidNumber
User
uidNumber
&gidNumber
Computer
uidNumber
&gidNumber
exec
(Added in v0.6.0) This command enables running arbitrary command lines in the
ADMan Kerberos context. This is useful for samba-tool
commands which
support Kerberos.
Example:
$ adman exec samba-tool domain backup online --server=dc1.example.com --targetdir=domainbakup -k yes
findstale
(Added in v0.7.0)
This command will find stale user/computer accounts and disable them as configured. If configured, it will send a report to the admin.
Computer commands
computer assign
See user assign.
computer list
List all computers.
Group commands
group assign
This ID number assignment command will:
Assign
gidNumber
values to all configured groups.The next
gidNumber
to be assigned is stored inmsSFU30MaxGidNumber
.
group list
List all groups.
State commands
These commands interact with the ADMan-related state recorded in LDAP.
state list
List the current state:
$ adman state list
Next uidNumber: 100011
Next gidNumber: 100008
state init
Initialize the ADMan state.
adman state init [-h] [--force | --ignore]
- Options:
- -h, --help
Show help message and exit
- --force
Force re-initialization; overwrite existing values with
MAX(xidNumber)+1
- --ignore
Ignore partially-initialized state and initialize other values
This command evaluates the uidNumber
/gidNumber
values currently
assigned to users/groups, and sets the “Next uidNumber” and “Next gidNumber”
values accordingly:
If no
xidNumber
are currently assigned, sets “next” to the beginning of the configured range.Otherwise, sets “next” to
MAX(xidNumber)+1
.
If the state is already initialized and is as expected, nothing is done:
$ adman state init
Next uidNumber: 100011
Next gidNumber: 100008
If the state is already initialized but doesn’t match the expected value, an error is printed:
$ adman state init
Next uidNumber: 100011
Next gidNumber: 100008
Error: Domain state next_uid already set to 100011, doesn't match expected 100008
Use --force or --ignore
User commands
user assign
This ID number assignment command will:
Assign
uidNumber
values to all configured users.The next
uidNumber
to be assigned is stored inmsSFU30MaxUidNumber
.
Update the
gidNumber
to match that of the user’s primary group (primaryGroupID
).
user checkexpire
(Added in v0.2.0)
This command will send an email to users whose passwords are expiring in the configured time window.
user setupns
This command will update users’ userPrincipalName
attribute if necessary to
match the configured UPN suffix.
user list
List all users.
user mkdirs
This command will create per-user directories as configured.