Zimbra CLI Commands: Zmprov

This article is part of a series of guides on how to use the Command-Line utility in Zimbra. We are going to see how to manage the most common administrative operations through the command line, analyzing the syntax with which instructions are given and providing practical examples of use.
In this guide, in particular, we will focus on the Provisioning command, zmprov.


First of all, we want to indroduce you to some informations about CLI in Zimbra, that will be useful to better read and use all the guides and articles related to CLI commands.

The Command-Line utilities for Zimbra follow the same logic as the UNIX command-line.

To run any CLI command, you have to log in as Zimbra user, so remember to enter su – zimbra before start working with Zimbra CLI.

Please note that CLI commands are case-sensitive

A few notes about syntax:

  • {attribute} in curly brackets is a required information
  • [attribute] in square brackets are considered optional arguments or information
  • {a|b|c} or [a|b|c] options separated by the pipe character | means “a” OR “b” OR “c”


The zmprov tool goes to execute all provisioning tasks in Zimbra LDAP. Those including creating and managing accounts, aliases, domains, COS, distribution lists and calendar resources.

Each operation is invoked through CLI options, and they can be used with a short or long name as we will see later on.

The basic syntax is zmprov [cmd] [argument] and can include a “+” or “-” prefix to make changes to the attributes affected without the needing of reenter them. Obviously “+” will add a new istance of the specified attribute name, without changing any existing one, while “-” will remove a specific instance of an attribute.

WARNING: if you modify a multi instance attribute without specifying the + symbol, all other attribute instances are lost! Pay attention when modify this kind of attributes. Two important multi instance attributes are: zimbraServiceEnabled and zimbraServiceInstalled, to avoid accidentaly removing of services they are protected and you have to use the -r/–replace option.

We are going to divide tasks in three sections. Each of these is connected to a specific article that goes to analyze the commands related to it:

General ZMPROV Options

–help-hdisplay usage
–file-fuse file as input stream
–server-s{host}[:{port}] server hostname and optional port
–ldap-lprovision via LDAP instead of SOAP
–log property file-Llog 4j property file, valid only with -l
–account {name}-aaccount name to auth as
–password {pass}-ppassword for account
–passfile {file}-Pread password from file
–zadmin-zuse Zimbra admin name/password from localconfig for admin/password
–authtoken (authtoken)-yuse auth token string (has to be in JSON format) from command line
–authtoken (authtoken file)-Yuse auth token string (has to be in JSON format) from command line
–verbose-vverbose mode (dumps full exception stack trace)
–debug-d/debug mode (dumps SOAP messages)
–master-muse LDAP master. This only valid with -l
–replace-rallow replacement of safe-guarded multi-valued attributes configured in localconfig key “zmprov_safeguarded_attrs”

Technical writer at Zextras. Linux and technology enthusiast. He describes himself as an atypical and polyhedric IT expert, thanks to a creative and open minded attitude, and to the experience gained over time as an IT technician, system engineer and developer.

Post your comment