[Samba] Domain Admins default ownership is BUILTIN\Administrators

Rob Mason rob at acasta.co.uk
Fri Nov 30 18:28:07 UTC 2018

I've now spun up a second DC ready for a migration from an old DC. Just checking over a few things and have hit this problem:

Objects created by Domain Admins members default to ownership by BUILTIN\Administrators.  So, when JohnDoe is logged on as JohnDoe and creates a file, its ownership becomes BUILTIN\Administrators.

I've played with perms for over an hour and cannot make any sense of this? I cannot see where/why it is defaulting to this account??

\data is chmod 2755 owned by "SAMDOM\JohnDoe":"SAMDOM\Domain Admins".   Resulting files are 755 owned by "BUILTIN\Administrators":"SAMDOM\Domain Admins"

        netbios name = SAGAN
        realm = SAMDOM.INTRA
        server role = active directory domain controller
        workgroup = SAMDOM
        idmap_ldb:use rfc2307 = yes

template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false
   winbind nss info = rfc2307
        winbind enum users = yes
        winbind enum groups = yes

        path = /var/lib/samba/sysvol/acasta.intra/scripts
        read only = No

        path = /var/lib/samba/sysvol
        read only = No

        path = /data
        read only = No

Rob Mason

Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified QGCE013.
Registered in England 6619191. 42 Pitt Street, Barnsley, S70 1BB. VAT Registered 934 6797 75.

More information about the samba mailing list