domain admin users and roaming profiles

Gerald Carter cartegw at Eng.Auburn.EDU
Thu Jul 30 12:37:39 GMT 1998

Michel Christaller wrote:
> when using roaming profiles, and a domain admin
> users list, profiles a used as they are to be with
> normal users, but all domain admin users take only
> one profile (that of the first domain admin user
> logging on the station). When I log with another
> domain admin user, his profile is not downloaded,
> and when putting icons on desk, they are stored
> in the first (domain admin) user's desk directory.
> I use a pretty outdated cvs snapshot, so maybe
> this is due to using the same SID for all domain
> admin users (??). If so, will it be the same with
> the new mechanism not using a unique SID ?

>From the NTDOM FAQ...

4.2  Why are all the users listed in the "domain admin users" using the
same profile?

There are several well known RIDs in Windows NT.  One of these the the
admin RID which is 500.  Currently samba supports domain admin users by
assigning them the Administrator RID of 500 rather than the way that
normal user RID are generated ( by 1000 to the unix uid ).  The will
change in the future as more is learned about the methods to implement
this and as NT groups become supported.

The hard coded RID for domain admins can cause users to share profiles
if you are not deleting the cached copy of the of the user profile after
the user logs out.

Things have changed a little.  Jeremy recently posted the correct way
for setting up domain admin accounts.  Check the list archives.  I've
got it saved somewhere if you can't find it.  Should have been in the
past two weeks or so.  Don't remember the subject.

                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at   

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list