GPO in xp always creates policy with Domain Admins 2

Matthieu Patou mat at matws.net
Sat Jul 28 16:57:12 MDT 2012


On 07/28/2012 04:39 AM, steve wrote:
> Hi Everyone
>
> /usr/local/samba/var/locks/sysvol/hh3.site/Policies> ls -la
> total 32
> drwxrwx---+ 5 3000064 Domain Users 4096 Jul 28 10:19 
> {702EB7C7-14C4-4BBB-BA8C-F85F3E7B854A}
> drwxrwx---+ 5 3000064 Domain Users 4096 Jul 28 10:32 
> {BDFC28AB-5BB9-493E-9A9B-7CFA446DEF6B}
>
> For 3000064,  get:
> wbinfo --sid-to-name=S-1-5-21-3605328179-531901682-1830711284-512
> MARINA\Domain Admins 2
>
> What is the 2 for?
Did you rename the domain admins to domain admins 2 ?

Can you do a ldb search like that:

./bin/ldbsearch -H ldap://ip_of_your_dc -Uadministrator '(CN=Domain 
Admin*)' dn objectsid

This should list all the entries that have the CN starting with "Domain 
Admin"

The other option is a small bug in wbinfo when doing sids to name, can 
you try to run this command with valgrind ?

Matthieu.


More information about the samba-technical mailing list