NT Aliases
Luke Kenneth Casson Leighton
lkcl at samba.org
Mon Jan 17 23:36:57 GMT 2000
On Tue, 18 Jan 2000, Michael Stockman wrote:
> Hello,
>
> Could someone who knows NT please tell me what an alias is? I have
> tried to find some information on the internet, but so far with only
> modest luck.
understanding aliases is critical to understanding how to set up an NT
domain, michael!
users:
users can be added to domain groups of their own domain and domain aliases
of any domain.
groups:
groups can ONLY have user RIDs added to them, and by definition therefore
they can only contain users of their own domain
aliases:
aliases can have ABSOLUTELY any SIDs added to them. the SIDs could in
fact be total garbage, should you so choose. garbage SIDs, however, will
have no meaning and are in fact a security risk in case someone finds a
way to create the garbage SID, so don't do it!
to make it really clear, aliases can contain User, Group or other Alias
SIDs from ABSOLUTELY any domain.
a user's groups can only be RID components. you can make a user be a
member of domain group RIDs AND alias group RIDs, mixed. you can NOT make
a user a member of a foriegn SID. select the 'Group Memberships' box on a
user profile in USRMGR.EXE
have fun!
More information about the samba-ntdom
mailing list