User and group management with adcli
We are not just restricted to consuming these domain accounts; we also have a level of management of Active Directory from the command line of our Linux servers. With the correct privileges in Active Directory, we can:
Create users and groups
Modify group memberships
Delete users and groups
Although the tools are not as rich as you will find with the native OS, especially when using PowerShell, there is a need and advantage to some of the management provided by Linux devices.
If you are a Linux administrator and work mainly on Linux, it does make sense for you to add Active Directory users to groups that you use for delegation on Linux. For example, you can maintain an Active Directory group called LinuxAdmins
and delegate rights via the /etc/sudoers
file to this group. It's quite correct that you maintain and control the AD group and not necessarily the Domain Admins
group in the AD.
Listing the Active Directory information
To begin with the
adcli
command...