[Samba] Automatically assigning uidNumber / gidNumber attributes

Łukasz Michalski lm at zork.pl
Fri Jun 7 15:37:01 UTC 2019

On 05.06.2019 22:40, Rowland penny via samba wrote:
>> https://lists.samba.org/archive/samba/2019-June/223478.html
>> In this post, Rowland said "Oh good, 'Domain Admins' doesn't have a
>> gidNumber attribute."
> Domain Admins is a group that must own files in Sysvol. Samba runs on Unix and groups cannot own files on Unix, so Domain Admins is mapped as ID_TYPE_BOTH in idmap.ldb on the DC, this makes Domain Admins a group and a user. If you give Domain Admins a gidNumber attribute, it becomes just a group and cannot own files.

Now I am confused. Reading "Adding a share" on domain member here:


If with idmap-ad I do not set gidNumber to Domain Admins I will not be able to chown to that group?

Is it better to create other administrative group for managing file permissions?


More information about the samba mailing list