group RIDs (Modem_Users)

Marc Sherman marc at
Mon May 4 13:41:03 GMT 1998

At 12:21 PM 5/4/98 +1000, David Bannon wrote:
>At 22:58 30/04/1998 +1000, Luke Kenneth Casson Leighton wrote:
>>On Wed, 29 Apr 1998, various people wrote:
>>> If so, sould someone post a list of some of the more popular group RID's 
>>> i already have the list from winnt.h,
>>> but i was not aware that there are more: things like "modem users".
>>> add "domain groups = the RID" in the smb.conf
>getsid.exe tells me :
>The SID for account BIO-LAB\Modem_Users is

I believe that "S-1-5-21-871122656-1776954347-317593308" is the domain SID
for BIO-LAB, and 1004 is the RID for "modem users". More generally, for
user and group SID's at least, I'll go out on a limb and state that
everything up to but *not* including the last 32 bits is the domain SID,
and the last 32 bits is always the RID. IOW, user and group SID's always
contain the domain SID.

>Now, I have to ask, which RID (of the last four) should be mentioned in the
>smb.conf file ?

Correct me if I'm wrong, but I believe there is *always* only 1 RID, which
is also counted as a subauthhority, and there can be from 1 to 8
subauthorities in a SID. In this particular SID, we have 5 subauthorities
(21-871122656-1776954347-317593308-1004), and the last subauthority, 1004,
is the RID.

>I have checked winnt.h and Modem_Users are not mentioned, I don't
>understand why there are four RIDs after the S-1-5-21- bit. The MS
>Developer site does not seem to list anything, could it be that these
>numbers are madeup on the fly and therefore will be different on every
>system ?

Yup, I've never found any detailed explanation about subauthorities. My
only guess is that MS needs the extra bytes in order to ensure that a
domain SID is unique across space and time. If they only had the 48 bit
identifier authority to work with, (which is the 5 in the above SID), they
probably wouldn't be able to make this claim. Having another 28 bytes gives
them more leeway.


