Lastly, I tested the latest SVN a bit with the old User Manager for Domains. I made then some annotations about things, that in my eyes are bugs (maybe in yours not). The first thing I could also reproduce in ADUC. The last two points I noticed in ADUC. Generally: - When I delete a user or group, then the referring entries aren't removed in other group object(s) in AD. When I then open the group properties of them I recieve a SAM error (I had then to fix the entries in ADSI Edit manually) User Manager: - I think the user icons are wrong, in SAMBA 3 they are right - When I want to switch the domain with "User/Select Domain" I can see the domain, but also users and machines. - There is something wrong in the user table: under the col "Full Name" I can see the descriptions, but under "Description" I see nothing. - When I create a user, then the key in AD is cn=<username> and not the fullname like when I add it with ADUC. - When I add a user with the User Manager, the Win2000 and above username isn't set. - When I want to change or set the flags "Password never expires, Account disabled ..." in the user properties/add dialog, this often has no effect. - When I want to add a local group, and click on "Members/Add" I get "You cannot browse all domains, where you have privileges. RPC protocol error" (maybe this has to be do with WINS?) - The options in the "Policies" menu aren't working properly. Active Directory Users and Computers: - When I click on the tab "Members" in the properties of a group object, I can't see anything. - When I click on the tab "Member of" in the properties of a group object, I get something like "The submitted AD path is illegal". But also in user objects the content sometimes isn't right.
Thanks, I'll start trying to look at these! For clarity, any chance you can show the resulting ldif with AD compared with Samba4? Otherwise, I'll just set this up myself.
Sadly, I haven't a MS Server available. Please try the steps and answer then here!
Addition: User Manager: - When I rename a user then only the NT4 username is updated Active Directory Users and Computers: - Users cannot be copied because an "unknown error" - When I add a user account, it isn't added to "Domain Users" (at least I can't notice a change in the "Domain Users" object "members" attribute) - User Manager does this right
But also new workstations (also when joining) and new domain controllers should also be added automatically to "Domain Computers" and "Domain Controllers" using the "member" attribute. In my opinion it isn't sufficient to set only the "primaryGroupID".
Another few annotations when working with ADUC: - When I tried to add a workstation account in ADUC, the default group is set to "Domain Admins" and not "Domain Machines". - Maybe you could also have a look to the search tool in ADUC. I think it doesn't really work with SAMBA at this moment. I gave it a few times a try but it never gave the correct results (every time an empty result). - I tried once also to change a users primary group from "Domain Users" to another one and the ADUC console crashed. Please tell me when there has been fixed something and I will try to retest the things and give you an answer.
Can you please split these into several bugs, one for each issue? I can merge them later if they turn out to be the same thing, but there are many different issues here. Thanks,
The usrmgr display issues (icons and full name) are fixed in -r 24052 Thanks!
The list of domains issue should be fixed by -r 24053.
Okay, the first three bugs under "User Manager" I couldn't find anymore. Thanks for the fix!
Comment 5 point 1 isn't valid. I confused the machine group "Domain Computers" with the computer joining group "Domain Admins". It's my fault.
This has become a mess. Any chance of filing a new bug with just the parts that remain? Then I'll make this one FIXED, and work on the remaining parts.
Ok. I've now merged the things in new bugs. I'll close now this bug with INVALID (I think the most appropriate cause).