How to get the group member list from a Linux computer in the domain? Samba AD/DC

I believe you need to use ldapsearch instead of smb-tools. Something to the effect of:

ldapsearch -LLL -b "dc=example,dc=com" "(&(cn=*)(memberUid=user))" dn

You are so very nearly there; your command is just missing a vital piece of information. You need to add '-H ldap://samdom.example.com' to the command, where 'samdom.example.com' is your DNS domain.


Thanks to @CryptoJones I looked into LDAP. Here is what I did to get it working.

First of all, the two computers I am using in this example are both Debian 10. Samba and all other software were installed as Debian packages. The Samba AD/DC configuration followed the example on the official Samba website.

My AD/DC creates the domain "windom.borghi.lan" and its name is "dc1.windom.borghi.lan". I query AD from the machine "linte.windom.borghi.lan", where I am logged in as the Domain user "WINDOM\nicola".

On the machine "linte" I installed two packages:

$> sudo apt-get install libsasl2-modules-gssapi-mit
$> sudo apt-get install libsasl2-modules-gssapi-heimdal

Then, to query all the members of my Domain group 'g-leggiTutto' I do:

linte WINDOM\nicola> ldapsearch  -H ldap://dc1 -Y GSSAPI -b "dc=windom,dc=borghi,dc=lan" '(memberOf=CN=g-leggitutto*)'

As far as I can say, it is not possible to use the previous method to look for all the users of the group "Domain Users". But you can search all the users and then filter them. It is the first time I have used LDAP; there might be better ways.

linte WINDOM\nicola> ldapsearch  -H ldap://dc1 -Y GSSAPI -b "dc=windom,dc=borghi,dc=lan" '(sAMAccountName=*)'

Then I filter out group entries and computer entries and get a reasonable result.

linte WINDOM\nicola> ldapsearch -H ldap://dc1 -Y GSSAPI -b "dc=windom,dc=borghi,dc=lan" '(&(sAMAccountName=*)(!(objectClass=group))(!(objectClass=computer)))'

bye
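The following script is an added example and is not part of the answer above or of Samba's own tooling. It wraps the same ldapsearch/GSSAPI approach in a small shell tool and adds three things a practitioner usually wants: the group name is escaped before it goes into the filter (RFC 4515), so a name taken from a script argument cannot inject extra filter terms; user accounts are selected with `(objectCategory=person)(objectClass=user)`, which excludes computer objects (they are also `objectClass=user`) without a negated filter; and "Domain Users" is handled by its primary-group RID 513, because primary-group membership lives in `primaryGroupID` rather than in `member`/`memberOf`, which is why a `memberOf` search for that group returns nothing. The hostnames, base DN, script name and the `--primary` option are assumptions for illustration; the script expects a valid Kerberos ticket (`kinit`) for the GSSAPI bind.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes the DC is reachable as
# ldap://dc1, the base DN from the answer, and a Kerberos ticket for GSSAPI.
set -eu

LDAP_URI="${LDAP_URI:-ldap://dc1}"
BASE_DN="${BASE_DN:-dc=windom,dc=borghi,dc=lan}"

# Escape the characters that are special inside an LDAP filter (RFC 4515):
# backslash first, then * ( ) so that a group name from an argument cannot
# change the structure of the filter.
ldap_escape() {
    printf '%s' "$1" | sed 's/\\/\\5c/g; s/\*/\\2a/g; s/(/\\28/g; s/)/\\29/g'
}

# Matches user accounts only. objectClass=user alone also matches computer
# objects; objectCategory=person leaves them out.
USER_CLASS='(objectCategory=person)(objectClass=user)'

# Direct members of a group given its full DN (nested groups are not expanded).
group_member_filter() {
    printf '(&%s(memberOf=%s))' "$USER_CLASS" "$(ldap_escape "$1")"
}

# Accounts whose primary group has the given RID, e.g. 513 for Domain Users.
primary_group_filter() {
    printf '(&%s(primaryGroupID=%s))' "$USER_CLASS" "$(ldap_escape "$1")"
}

# Read LDIF on stdin and print each sAMAccountName value on its own line.
# LDIF folds long values onto continuation lines that start with a space,
# so lines are unfolded before the attribute is matched.
ldif_account_names() {
    awk '
        function emit(line) {
            if (index(line, "sAMAccountName: ") == 1)
                print substr(line, 17)
        }
        /^ / { buf = buf substr($0, 2); next }
        { emit(buf); buf = $0 }
        END { emit(buf) }
    '
}

# Run one search with the given filter and print the matching account names.
list_members() {
    ldapsearch -LLL -H "$LDAP_URI" -Y GSSAPI -b "$BASE_DN" "$1" sAMAccountName \
        | ldif_account_names
}

# Usage (assumed script name): ./adgroup.sh g-leggiTutto
#                              ./adgroup.sh --primary 513
if [ "$#" -eq 2 ] && [ "$1" = "--primary" ]; then
    list_members "$(primary_group_filter "$2")"
elif [ "$#" -eq 1 ]; then
    # Resolve the group's DN once, then match memberOf against the exact DN
    # instead of relying on a wildcard.
    group_dn=$(ldapsearch -LLL -H "$LDAP_URI" -Y GSSAPI -b "$BASE_DN" \
        "(&(objectClass=group)(sAMAccountName=$(ldap_escape "$1")))" dn \
        | awk '/^dn: / { print substr($0, 5); exit }')
    [ -n "$group_dn" ] || { echo "group not found: $1" >&2; exit 1; }
    list_members "$(group_member_filter "$group_dn")"
fi
```

`-LLL` strips the version and comment lines so only LDIF entries reach the parser, and asking for `sAMAccountName` alone keeps the result small. With `-Y GSSAPI` the Kerberos SASL layer can sign and seal the session, which is what makes a plain `ldap://` URI acceptable here; a simple bind (`-x -D ... -w`) over `ldap://` would send the password in clear, and Samba's default `ldap server require strong auth = yes` refuses such binds anyway. Accounts that sit in a group only through nested group membership are not returned by a plain `memberOf` filter.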