[Samba] UID of the windows Domain Administrator user?

Fabio Muzzi liste at kurgan.org
Sat Jun 4 11:07:14 GMT 2005

I  have  installed  lots  of  samba  3 servers as PDCs for little networks
serving 10 users or so. I have always set up the user "root" as the domain
administrator,  by  setting its group SID to <domainSID>-512 with pdbedit.
My  "root" user has usually a user SID of <domainSID>-1000 since it is the
first  user  I  add  to  Samba.  I have never set up a username map to map
"administrator"  to  "root",  I  use "root" directly also on Windows boxes
when  I  need  to  connect as the domain admin (to add workstations to the
domain,   for   example)   and  I  have  never  had  issues.  I  have  no
user named "administrator" on the domain.

Now  I have read in the HOWTO collection that I should set the user SID to
<domainSID>-500  for  the  "administrator" user since this is a predefined
default  SID.  I  have  found  that  a  NT  server uses 500 indeed for its
"Administrator" user.

First,  I'd  like  to understand why do I need an user with the "500" SID,
since  I  have  never  had  one  and still it seems that my "root" user is

Second,  I'd  like  to  know what will happen if I changhe the SID of root
from  "1000"  to  "500",  now  that  my workstations already know the user
"root"  by  its old SID. I suppose that generally is definitely NOT a good
idea  to  change  a  user's  SID, because this would make his files on his
workstations owned by someone else. Am I right?


  Fabio "Kurgan" Muzzi

More information about the samba mailing list