So much for moving rid-> ntSid, what about the primaryGid we
left behind?
Luke Howard
lukeh at PADL.COM
Mon May 5 07:10:20 GMT 2003
>> The only point I note is that Microsoft doesn't even make this a SID,
>> but this is one point where I think AD's schema is a bit nuts..
>
>The change makes sense to me. If i understood correctly, the primary
>group stuff in NT is just so they could be posix compliance. I don't
>think the primary group stuff is really relevant most of the time.
As far as I know, POSIX compliance is the reason (because a user's
group membership in the directory has no order, ie. no way of
distinguishing one group as being the primary one).
Note that:
o Active Directory will check that the primaryGroupID points
to a valid group upon user addition
o The SID of the primary group is included in a user's token
groups
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
More information about the samba-technical
mailing list