So much for moving rid-> ntSid, what about the primaryGid we left behind?

Gerald (Jerry) Carter jerry at
Mon May 5 07:01:02 GMT 2003

Hash: SHA1

On 5 May 2003, Andrew Bartlett wrote:

> So, can anybody give me a good reason why I should keep the
> 'primaryGroupRID' given we have moved the things that really matter to
> SIDs?
> I must have missed it when I last looked at this area - I think we
> should have primaryGroupSID instead.  That would allow easy ldap
> searches to find the members of a group, in particular.  
> The only point I note is that Microsoft doesn't even make this a SID,
> but this is one point where I think AD's schema is a bit nuts..

The change makes sense to me.  If i understood correctly, the primary 
group stuff in NT is just so they could be posix compliance.  I don't 
think the primary group stuff is really relevant most of the time.

cheers, jerry
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see


More information about the samba-technical mailing list