net

The samba net utility is meant to work just like the net utility available for windows and DOS. The first argument should be used to specify the protocol to use when executing a certain command. ADS is used for ActiveDirectory, RAP is using for old clients and RPC can be used for NT4 and Windows 2000. If this argument is omitted, net will try to determine it automatically. Not all commands are available on all protocols.^[1]

Documentation

man 8 'net' [EN]

Syntax

net [PROTOCOL] SUBCOMMAND [PARAMETER ...]

Subcommands & Parameters

[RPC|ADS] GROUP [misc options] [targets]: List user groups.
[RPC|ADS] GROUP ADD name [-C comment]: Create specified group.
[RPC|ADS] GROUP DELETE name: Delete specified group.

GROUPMAP ADD: Add a new group mapping entry:; net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local}] [ntgroup=string] [comment=string]
GROUPMAP DELETE: Delete a group mapping entry. If more then one group name matches, the first entry found is deleted.; net groupmap delete {ntgroup=string|sid=SID}
GROUPMAP LIST: List existing group mapping entries; net groupmap list [verbose] [ntgroup=string] [sid=SID]
GROUPMAP MODIFY: Update en existing group entry; net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local}]

[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU]

Join a domain. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically. Otherwise, a password will be prompted for, and a new account may be created.

[TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain.
[UPN] (ADS only) set the principalname attribute during the join. The default format is host/netbiosname@REALM.
[OU] (ADS only) Precreate the computer account in a specific OU. The OU string reads from top to bottom without RDNs, and is delimited by a /.

NOTE:

\ is used for escape by both the shell and ldap, so it may need to be doubled or quadrupled to pass through, and it is not used as a delimiter.

RAP PASSWORD USER OLDPASS NEWPASS: Change password of USER from OLDPASS to NEWPASS.
ADS PRINTER INFO [PRINTER] [SERVER]: Lookup info for PRINTER on SERVER. The printer name defaults to *, the server name defaults to the local host.
ADS PRINTER PUBLISH PRINTER: Publish specified printer using ADS.
ADS PRINTER REMOVE PRINTER: Remove specified printer from ADS directory.

SAM RIGHTS LIST: List all available privileges.
SAM RIGHTS GRANT <NAME> <PRIVILEGE>: Grant one or more privileges to a user.
SAM RIGHTS REVOKE <NAME> <PRIVILEGE>: Revoke one or more privileges from a user.

ADS SEARCH EXPRESSION ATTRIBUTES...: Perform a raw LDAP search on a ADS server and dump the results. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results.; Example: net ads search '(objectCategory=group)' sAMAccountName

[RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]: Adds a share from a server (makes the export active). Maxusers specifies the number of users that can be connected to the share simultaneously.
SHARE DELETE sharenam: Delete specified share.

[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]: Add specified user.
[RPC|ADS] USER DELETE target: Delete specified user.

References

↑ man 8 'net'

[1] 8 'net'

[1]