Samba AD Administrator Group

NethServer Version: 7.2.1511
Module: Users and Groups


I’ve been playing with the AD domain controller in NS7, with an eye to replacing an existing Windows 2003 DC. Setup is straightforward and users can connect to the NS AD DC.
One issue I have is adding users to the Domain Admin group. There is no admin group listed under Users and Groups, but if I try to create a group called ‘administrators’ I get an error that it couldn’t be created as it already exists.
Is there a bug that’s preventing the admin group from appearing in the Groups list or am I doing something wrong?


It is not a bug, it’s a feature :smile:

It has been deliberately hidden!

As workaround, you could try to remove the “Administrators” line from


I don’t know if this break something else… /cc @dev_team

Thanks for the suggestion Davide, I’ve not tried it though as you were unsure of the consequences and I didn’t want to break things!

I think I’ve found a better way though. On a Windows PC I installed RSAT, which (among other things) lets me do all the things I need to do to administer Active Directory settings. Using RSAT I can get in there and add users to the admin group and do other nice things like force a password reset on next login etc. Basically it appears to have the same functionality as using the ‘Manage Active Directory Users and Groups’ option on Windows server 2003.

Download RSAT here:

Setup guide here:

I have another query relating to this method though. If I add a new user via RSAT then look at the user in ‘Users and Groups’ on NS there is a key shaped icon next to the user name. It appears I can still edit the user (it doesn’t appear to be locked as the key would indicate). Any idea what the key icon signifies?

Thanks again.


IIRC it can be in a “locked” state, or has an expired password or no password at all.

1 Like

That would be the main goal here I guess.
Thanks for sharing! I think we should collect all this guides about AD administration @docs_team


Yep that was it, an expired password. Once the password was changed the key disappeared. Nothing to worry about then :grinning:. I don’t think I have any further Active Directory issues… things are looking promising indeed!


I love that, how and where should we document it? @docs_team