SimpleAD is a managed directory service that is powered by a Samba 4 Active Directory Compatible Server. User accounts can be created in SimpleAD to access AWS applications such as AWS Client VPN, Amazon WorkSpaces, Amazon WorkDocs, or Amazon WorkMail.
I have used this service for user authentication in Client VPN. One of the challenges we faced was that user management in SimpleAD was heavily biased toward Windows rather than Linux. It was not a good idea to run a Windows server just to manage users when all the other applications were running on Linux. After some googling, I came across some tools that can be used to manage users in SimpleAD, but none of them were complete or easy to understand. This inspired me to write a post on the topic.
Install the samba-common and adcli packages on the Linux host from which you will manage the directory.
apt-get install -y adcli samba-common
Take note of the directory domain name and the DNS servers shown in the AWS SimpleAD console. The examples below assume that username is the user we are administering, "password" is the password, vpn.example.com is the directory domain, and 192.168.1.2 and 192.168.1.3 are the DNS servers for the directory. Point the host's resolver at those DNS servers so the directory domain resolves (this overwrites the existing /etc/resolv.conf):
echo "nameserver 192.168.1.2" > /etc/resolv.conf
echo "nameserver 192.168.1.3" >> /etc/resolv.conf
Create User
echo "password"|adcli create-user username --domain=vpn.example.com --display-name="User FullName" --stdin-password
Delete User
echo "password"|adcli delete-user username --domain=vpn.example.com --stdin-password
List users
net ads user -S vpn.example.com
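The create and delete commands above, wrapped as an added example (not code from the original post) that prompts for the password instead of putting it in a command line, rejects usernames adcli could read as options, and applies an action to a list of users. DOMAIN, ADCLI, DRY_RUN, the 20-character allowlist and the "username:Full Name" list format are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. DOMAIN, ADCLI, DRY_RUN and the
# "username:Full Name" list format are assumptions made for this sketch.
DOMAIN="${DOMAIN:-vpn.example.com}"
ADCLI="${ADCLI:-adcli}"

# Conservative allowlist (stricter than AD itself): 1-20 characters, no
# leading "-" so a name can never be parsed by adcli as an option.
valid_username() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 20 ]
}

# Prompt with terminal echo off, so the password is never typed into a
# command line and never lands in shell history.
prompt_password() {
    printf 'Password: ' >&2
    stty -echo; IFS= read -r AD_PASSWORD; stty echo
    printf '\n' >&2
}

# ad_user create|delete USER [FULL NAME]: runs the post's adcli command,
# or only prints it when DRY_RUN=1.
ad_user() {
    action="$1"; user="$2"; fullname="${3:-$2}"
    valid_username "$user" || { echo "invalid username: $user" >&2; return 2; }
    case "$action" in
        create) set -- create-user "$user" "--domain=$DOMAIN" "--display-name=$fullname" --stdin-password ;;
        delete) set -- delete-user "$user" "--domain=$DOMAIN" --stdin-password ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$ADCLI $*"; return 0; fi
    [ -n "${AD_PASSWORD:-}" ] || { echo "call prompt_password first" >&2; return 2; }
    # Same bytes on stdin as the post's echo, without a password literal in the command line.
    printf '%s\n' "$AD_PASSWORD" | "$ADCLI" "$@"
}

# Apply one action to every "username:Full Name" line of a list file;
# returns non-zero if any entry was rejected or failed.
ad_bulk() {
    rc=0
    while IFS=: read -r u name; do
        [ -n "$u" ] || continue
        ad_user "$1" "$u" "$name" || rc=1
    done < "$2"
    return "$rc"
}
```

Source the file, run prompt_password once, then call ad_user or ad_bulk; with DRY_RUN=1 the commands are only printed and the directory is not contacted.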
More adcli commands can be found here