[Samba] Samba PDC - first Domain Admin

James james at nttmcl.com
Wed Oct 1 18:00:26 GMT 2008

Hi guys,

i'm trying to setup a samba PDC and was hoping to delegate Admin control
to the "Domain Admins" Group.
The backend is run off of ldap and there is no root user account in the
ldap directory

i set my user "james" with the rid ending in -500

i used:
 net rpc rights grant "TESTING/Domain Admins" SeMachineAccountPrivilege
SePrintOperatorPrivilege     SeAddUsersPrivilege
SeRemoteShutdownPrivilege     SeDiskOperatorPrivilege -U james

i get:
Failed to grant privileges for Domain Admins (NT_STATUS_ACCESS_DENIED)

does the first Admin user HAVE to have uid=0 and be in the ldap directory?
if so can i just shove him in and remove him later?
and does "the net rpc rights grant" command have to be run on every
domain controller or does it right something to ldap so it'll know?


More information about the samba mailing list