summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/scripting/python/samba/netcmd/gpo.py79
1 files changed, 79 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py
index e32458ed47..c1d05e3618 100644
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -992,6 +992,84 @@ class cmd_create(Command):
self.outf.write("GPO '%s' created as %s\n" % (displayname, gpo))
+class cmd_del(Command):
+ """Delete GPO"""
+
+ synopsis = "%prog <gpo> [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "versionopts": options.VersionOptions,
+ "credopts": options.CredentialsOptions,
+ }
+
+ takes_args = ['gpo']
+
+ takes_options = [
+ Option("-H", help="LDB URL for database or target server", type=str),
+ ]
+
+ def run(self, gpo, H=None, sambaopts=None, credopts=None,
+ versionopts=None):
+
+ self.lp = sambaopts.get_loadparm()
+ self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
+
+ # We need to know writable DC to setup SMB connection
+ if H and H.startswith('ldap://'):
+ dc_hostname = H[7:]
+ self.url = H
+ else:
+ dc_hostname = netcmd_finddc(self.lp, self.creds)
+ self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
+
+ samdb_connect(self)
+
+ # Check if valid GPO
+ try:
+ get_gpo_info(self.samdb, gpo=gpo)[0]
+ except Exception:
+ raise CommandError("GPO %s does not exist" % gpo)
+
+ realm = self.lp.get('realm')
+ unc_path = "\\\\%s\\sysvol\\%s\\Policies\\%s" % (realm, realm, gpo)
+
+ # Connect to DC over SMB
+ [dom_name, service, sharepath] = parse_unc(unc_path)
+ try:
+ conn = smb.SMB(dc_hostname, service, lp=self.lp, creds=self.creds)
+ except Exception, e:
+ raise CommandError("Error connecting to '%s' using SMB" % dc_hostname, e)
+
+ self.samdb.transaction_start()
+ try:
+ # Check for existing links
+ msg = get_gpo_containers(self.samdb, gpo)
+
+ if len(msg):
+ self.outf.write("GPO %s is linked to containers\n" % gpo)
+ for m in msg:
+ del_gpo_link(self.samdb, m['dn'], gpo)
+ self.outf.write(" Removed link from %s.\n" % m['dn'])
+
+ # Remove LDAP entries
+ gpo_dn = get_gpo_dn(self.samdb, gpo)
+ self.samdb.delete(ldb.Dn(self.samdb, "CN=User,%s" % str(gpo_dn)))
+ self.samdb.delete(ldb.Dn(self.samdb, "CN=Machine,%s" % str(gpo_dn)))
+ self.samdb.delete(gpo_dn)
+
+ # Remove GPO files
+ conn.deltree(sharepath)
+
+ except Exception:
+ self.samdb.transaction_cancel()
+ raise
+ else:
+ self.samdb.transaction_commit()
+
+ self.outf.write("GPO %s deleted.\n" % gpo)
+
+
class cmd_gpo(SuperCommand):
"""Group Policy Object (GPO) management"""
@@ -1007,3 +1085,4 @@ class cmd_gpo(SuperCommand):
subcommands["setinheritance"] = cmd_setinheritance()
subcommands["fetch"] = cmd_fetch()
subcommands["create"] = cmd_create()
+ subcommands["del"] = cmd_del()