How to add at ldapservice account at creation: "isCriticalSystemObject=TRUE"

Thanks for explanation, after it and reading the following posts I think I understand your problem.
At the moment I have no connection to a samba ad, but I think you can manage it also from a windows client with rsat tools. For Microsoft AD it works with the next steps:

• click on the user with the right mouse button
• click on prperties
• click on attribute editor
• search for isCriticalSystemObject and change the value to true

For the next time please think of giving us some more informations in your question. Then more informations we have, then more we can help. And please try to explain your problem for people who are not specialised for this theme, so more people can try to help. In my opinion much sysadmins are allrounder, but they have to read a little bit for understanding themes they are not specialised for. If you want us to help, we have to understand your problem, to know what we are searching for.

Thanks for your reply!

But what is the code line to add at creation?

• https://github.com/NethServer/nethserver-dc/blob/5b65852a5835527a976566d5be0d55f63225ef27/root/etc/e-smith/events/actions/nethserver-dc-createldapservice#L62

Thanks in advance.

cc @giacomo.

You just can’t because samba-tool doesn’t support it.
If you want, you can try with RSAT tools.

@giacomo: Ok but how it is done for other accounts?

• Administrator
• Guest
• krbtgt
• NSDC-SERVER
• the NS server

Same to groups (for examples):

• Backup Operators
• Domain Users
• …

Add here:

• nethserver-dc/root/etc/e-smith/events/actions/nethserver-dc-createldapservice at 5b65852a5835527a976566d5be0d55f63225ef27 · NethServer/nethserver-dc · GitHub

-
replace: "isCriticalSystemObject"
isCriticalSystemObject: TRUE
-
replace: "showInAdvancedViewOnly"
showInAdvancedViewOnly: TRUE

@giacomo: How it is possible to test it?

“replace” in my previous comment but can be “add”.

Thanks in advance.