[Samba] Problem sysvolreset
rpenny at samba.org
Mon Mar 20 14:44:25 UTC 2017
On Mon, 20 Mar 2017 15:27:33 +0100
Björn JACKE via samba <samba at lists.samba.org> wrote:
> On 2017-03-07 at 18:48 +0000 Rowland Penny via samba sent off:
> > It is my recommendation to not give Domain Admins a gidNumber and
> > not to run sysvolreset if you add any GPOs.
> anybody who uses idmap ad on a samba member server should give domain
> users and domain admins a gidnumber actually. This does not affect
> sysvol on a DC in any way unless you enable idmap_ldb:use rfc2307,
> what I would not recommend to do.
You can recommend not doing something until you are blue in the face,
but you will not stop people doing it. ;-)
If you give Domain Admins a gidNumber, it breaks the mapping in
idmap.ldb and stops Domain Admins being able to own files and dirs in
sysvol and Domain Admins needs to own files and dirs in sysvol.
More information about the samba