GPO in xp always creates policy with Domain Admins 2
steve
steve at steve-ss.com
Sun Jul 29 02:22:31 MDT 2012
On 29/07/12 00:57, Matthieu Patou wrote:
> On 07/28/2012 04:39 AM, steve wrote:
>> Hi Everyone
>>
>> /usr/local/samba/var/locks/sysvol/hh3.site/Policies> ls -la
>> total 32
>> drwxrwx---+ 5 3000064 Domain Users 4096 Jul 28 10:19
>> {702EB7C7-14C4-4BBB-BA8C-F85F3E7B854A}
>> drwxrwx---+ 5 3000064 Domain Users 4096 Jul 28 10:32
>> {BDFC28AB-5BB9-493E-9A9B-7CFA446DEF6B}
>>
>> For 3000064, get:
>> wbinfo --sid-to-name=S-1-5-21-3605328179-531901682-1830711284-512
>> MARINA\Domain Admins 2
>>
>> What is the 2 for?
> Did you rename the domain admins to domain admins 2 ?
No.
>
> Can you do a ldb search like that:
>
> ./bin/ldbsearch -H ldap://ip_of_your_dc -Uadministrator '(CN=Domain
> Admin*)' dn objectsid
>
> This should list all the entries that have the CN starting with "Domain
> Admin"
>
> The other option is a small bug in wbinfo when doing sids to name, can
> you try to run this command with valgrind ?
>
> Matthieu.
Hi
Yep, it lists them correctly:
ldbsearch -H ldap://hh1.hh3.site -UAdministrator '(CN=Domain Admin*)' dn
objectsid
Password for [MARINA\Administrator]:
# record 1
dn: CN=Domain Admins,CN=Users,DC=hh3,DC=site
objectSid: S-1-5-21-3605328179-531901682-1830711284-512
Sorry, can't do valgrind, well, not in an afternoon at least unless you
can send be a one liner.
Cheers,
Steve
More information about the samba-technical
mailing list