So much for moving rid-> ntSid, what about the primaryGid we left behind?

Luke Howard lukeh at PADL.COM
Mon May 5 07:10:20 GMT 2003

>> The only point I note is that Microsoft doesn't even make this a SID,
>> but this is one point where I think AD's schema is a bit nuts..
>The change makes sense to me.  If I understood correctly, the primary 
>group stuff in NT is just so they could be POSIX compliant.  I don't 
>think the primary group stuff is really relevant most of the time.

As far as I know, POSIX compliance is the reason (because a user's
group membership in the directory has no order, i.e. no way of
distinguishing one group as being the primary one).

Note that:

  o Active Directory will check that the primaryGroupID points
    to a valid group upon user addition

  o The SID of the primary group is included in a user's token

-- Luke
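
Added example, not part of the original message: because primaryGroupID holds a RID rather than a SID, the primary group's SID has to be rebuilt from the user's own objectSid before it can be checked or placed alongside the other group SIDs. The sample SID, the group set and all function names below are constructed for illustration, and the token is simplified to group SIDs only.

```python
import struct

def parse_sid(blob: bytes) -> str:
    """Decode a binary objectSid: revision, count, 48-bit authority, LE sub-authorities."""
    if len(blob) < 8:
        raise ValueError("SID too short")
    revision, count = blob[0], blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def primary_group_sid(user_sid: str, primary_group_id: int) -> str:
    """Swap the user's RID for primaryGroupID to obtain the primary group's SID."""
    if not 0 <= primary_group_id <= 0xFFFFFFFF:
        raise ValueError("RID out of range")
    domain, _, rid = user_sid.rpartition("-")
    if not domain.startswith("S-1-") or not rid.isdigit():
        raise ValueError("not a domain-relative SID")
    return f"{domain}-{primary_group_id}"

def token_group_sids(user_sid, primary_group_id, member_of_sids, known_group_sids):
    """Group SIDs for a (simplified) token: the primary group, validated, plus memberOf."""
    pg = primary_group_sid(user_sid, primary_group_id)
    if pg not in known_group_sids:  # mirrors the directory's validity check
        raise LookupError(f"primaryGroupID {primary_group_id} is not a group in the domain")
    return [pg] + [s for s in member_of_sids if s != pg]

# Constructed sample data (not from the original message)
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
USER_SID_BLOB = (bytes([1, 5]) + (5).to_bytes(6, "big")
                 + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1104))
KNOWN_GROUPS = {f"{DOMAIN}-513", f"{DOMAIN}-1201"}

if __name__ == "__main__":
    user = parse_sid(USER_SID_BLOB)
    print(token_group_sids(user, 513, [f"{DOMAIN}-1201"], KNOWN_GROUPS))
```

A membership audit that reads only memberOf will not see the primary group, so the RID-derived SID needs to be included as above.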

