So much for moving rid-> ntSid, what about the primaryGid we left behind?

Andrew Bartlett abartlet at
Mon May 5 06:51:57 GMT 2003

So, can anybody give me a good reason why I should keep the
'primaryGroupRID' given we have moved the things that really matter to

I must have missed it when I last looked at this area - I think we
should have primaryGroupSID instead.  That would allow easy ldap
searches to find the members of a group, in particular.  

The only point I note is that Microsoft doesn't even make this a SID,
but this is one point where I think AD's schema is a bit nuts..

Andrew Bartlett
Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list