Manage UNIX groups and users in Samba Active Directory.

Create groups.

$ sudo samba-tool group add cats --gid-number 8000 --nis-domain OCTOCAT --description "Cats group"
Added group cats
$ sudo samba-tool group add vampires --gid-number 8001 --nis-domain OCTOCAT --description "Vampires group"
Added group vampires
$ sudo samba-tool group add octocat --gid-number=10000 --nis-domain=OCTOCAT --description "Octocat group"
Added group octocat

Edit group.

$ sudo samba-tool group edit octocat
dn: CN=octocat,CN=Users,DC=octocat,DC=lab
objectClass: top
objectClass: group
cn: octocat
description: Octocat group
instanceType: 4
whenCreated: 20210930172216.0Z
whenChanged: 20210930172216.0Z
uSNCreated: 4080
uSNChanged: 4080
name: octocat
objectGUID: 76e7e98d-2867-4062-9cb7-21a9345135b3
objectSid: S-1-5-21-3581266272-3984212215-1130392956-1106
sAMAccountName: octocat
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=octocat,DC=lab
msSFU30Name: octocat
msSFU30NisDomain: OCTOCAT
gidNumber: 10000
distinguishedName: CN=octocat,CN=Users,DC=octocat,DC=lab
Modified group 'octocat' successfully

Create users.

$ sudo samba-tool user create \
    octo 0ctOpass \
    --given-name Octo --surname Cat --home-directory /home/octocat \
    --uid octo --uid-number 10000 --gid-number 10000 \
    --unix-home /home/octocat \
    --gecos 'Octo Cat' \
    --nis-domain OCTOCAT
User 'octo' created successfully
$ sudo samba-tool user create vampire v4mP4ss
User 'vampire' created successfully

Add UNIX attributes to specific user.

$ sudo samba-tool user addunixattrs vampire 10001 --gid-number 100 --unix-home /home/vampire --login-shell /bin/bash
Modified User 'vampire' successfully

Display user information.

$ sudo samba-tool user show vampire
dn: CN=vampire,CN=Users,DC=octocat,DC=lab
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: vampire
instanceType: 4
whenCreated: 20210930172540.0Z
uSNCreated: 4085
name: vampire
objectGUID: e64f4bd0-5b79-48ea-8ed6-91843f1ed14e
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3581266272-3984212215-1130392956-1108
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: vampire
sAMAccountType: 805306368
userPrincipalName: vampire@octocat.lab
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=octocat,DC=lab
pwdLastSet: 132774963400609290
userAccountControl: 512
uidNumber: 10001
gidNumber: 100
gecos: vampire
uid: vampire
loginShell: /bin/bash
unixHomeDirectory: /home/vampire
whenChanged: 20210930172831.0Z
uSNChanged: 4088
distinguishedName: CN=vampire,CN=Users,DC=octocat,DC=lab
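
The output above gives vampire gidNumber 100, which is none of the GIDs assigned to groups on this page (8000, 8001, 10000), and an accountExpires value that means the account never expires. The shell function below is an added example, not part of the original page: it reads `samba-tool user show` output and flags both conditions, plus missing UNIX attributes. The function names and the "ghost" record are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: samba-tool user show NAME | audit_unix_attrs GID [GID ...]
# The GID arguments are the gidNumber values assigned to domain groups.
audit_unix_attrs() {
    awk -v gids="$*" '
    function report(   i, n, req) {
        if (name != "") {
            n = split("uidNumber gidNumber unixHomeDirectory loginShell", req, " ")
            for (i = 1; i <= n; i++)
                if (!(req[i] in attr)) print name ": MISSING " req[i]
            if (("gidNumber" in attr) && !(attr["gidNumber"] in known))
                print name ": GID_UNKNOWN " attr["gidNumber"]
            # 0 and 2^63-1 both mean that the account never expires
            if (attr["accountExpires"] == "0" || attr["accountExpires"] == never)
                print name ": NO_EXPIRY"
        }
        split("", attr); name = ""            # reset state for the next record
    }
    BEGIN {
        never = "9223372036854775807"
        m = split(gids, g, " "); for (j = 1; j <= m; j++) known[g[j]] = 1
    }
    /^dn: / { report() }                      # a new record starts here
    /^[A-Za-z0-9-]+: / {
        sep = index($0, ": ")
        key = substr($0, 1, sep - 1); val = substr($0, sep + 2)
        if (key == "sAMAccountName") name = val
        attr[key] = val
    }
    END { report() }'
}

# Sample input: the first record is trimmed from the "user show vampire"
# output above; the second record ("ghost") is constructed for illustration.
sample_show_output() {
    cat <<'EOF'
dn: CN=vampire,CN=Users,DC=octocat,DC=lab
accountExpires: 9223372036854775807
sAMAccountName: vampire
uidNumber: 10001
gidNumber: 100
loginShell: /bin/bash
unixHomeDirectory: /home/vampire

dn: CN=ghost,CN=Users,DC=octocat,DC=lab
accountExpires: 133000000000000000
sAMAccountName: ghost
EOF
}
```

Running `sample_show_output | audit_unix_attrs 8000 8001 10000` reports the unknown GID and the missing expiry for vampire, and the four missing UNIX attributes for ghost.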

Get user groups.

$ sudo samba-tool user getgroups octo
Domain Users

List users.

$ sudo samba-tool user list

Define password expiration.

$ sudo samba-tool user setexpiry --days 120 octo
Expiry for user 'octo' set to 120 days.
$ sudo samba-tool user setexpiry --noexpiry vampire
Expiry for user 'vampire' disabled.

Add user to group.

$ sudo samba-tool group addmembers cats octo,vampire
Added members to group cats
$ sudo samba-tool group addmembers vampires vampire
Added members to group vampires

List groups.

$ sudo samba-tool group list
Event Log Readers
Certificate Service DCOM Access
Print Operators
Incoming Forest Trust Builders
Remote Desktop Users
Enterprise Read-only Domain Controllers
RAS and IAS Servers
Domain Users
Windows Authorization Access Group
Domain Admins
Denied RODC Password Replication Group
Performance Log Users
Pre-Windows 2000 Compatible Access
Backup Operators
Domain Computers
Cert Publishers
Account Operators
Read-only Domain Controllers
Group Policy Creator Owners
Enterprise Admins
Schema Admins
Domain Controllers
Distributed COM Users
Cryptographic Operators
Allowed RODC Password Replication Group
Terminal Server License Servers
Domain Guests
Performance Monitor Users
Server Operators
Network Configuration Operators

List group members.

$ sudo samba-tool group listmembers cats

Remove user from a group.

$ sudo samba-tool group removemembers cats vampire
Removed members from group cats

Delete group.

$ sudo samba-tool group delete vampires
Deleted group vampires

Delete user.

$ sudo samba-tool user delete vampire
Deleted user vampire

Change user password.

$ sudo samba-tool user password -U octo
Password for [OCTOCAT\octo]: ************
New Password:    ************
Retype Password: ************
Changed password OK

Additional information

An Approach for Using LDAP as a Network Information Service