Name

rpcclient commands

Synopsis

Aside from a few miscellaneous commands, the rpclient commands fall into three groups: LSARPC, SAMR, and SPOOLSS. The function names mentioned in some of the commands are those documented in the Microsoft Platform SDK.

General commands

debuglevel level

Sets the debugging level to level. With no argument, the current debugging level is printed.

help

Prints help on the commands.

quit

Exits rpcclient. A synonym is exit.

Local Security Authority Remote Procedure Calls (LSARPC) commands

enumprivs

Lists the types of privileges known to this domain.

enumtrust

Lists the domains trusted by this domain.

getdispname priv_name

Prints information on the privilege named priv_name.

lookupsids name

Finds a name that corresponds to a security identifier (SID).

lookupnames sid

Finds the SID for one or more names.

lsaquery

Queries the LSA object.

lsaenumsid

Lists SIDs for the local LSA.

lsaquerysecobj

Prints information on security objects for the LSA.

Security Access Manager RPC (SAMR) commands

createdomuser username

Adds a new user in the domain.

deletedomuser username

Removes a user from the domain.

enumalsgroups type

Lists alias groups in the domain, along with their group RIDs. The type argument can be either builtin, to list Windows built-in groups such as Administrators and Power Users, or domain, to list groups in the domain. See also the queryuseraliases command.

enumdomgroups

Lists the groups in the domain, along with their group RIDs.

queryaliasmem user_rid

Get Using Samba, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial