[Samba] Sync UID/GUI between two DCs
simeon at simeonpeter.ch
Wed Sep 18 23:19:21 UTC 2019
Am 18.09.19 um 16:17 schrieb Rowland penny:
> On 18/09/2019 03:41, Simeon Peter via samba wrote:
>> I would remove any uidNumber & gidNumber attributes from the
>> following users (if set):
>> Administrator has a uidNumber since long time and owns some files.
>> Are there disadvantages if I leave his uidNumber?
> A very big one, 'Administrator' is now a standard user as far as Unix
> is concerned and can do no more than any other normal user.
> Administrator should be mapped to the Unix user root (by default it is
> on a DC).
At the moment there is a user "root" in the AD with the UID 0.
Administrator has an other UID then 0 and I can not give the UID 0 to
So should I delete the user "root" in the Active Directory and give the
UID 0 to the Administrator user?
Which default group should it belong to?
>>> If you are using Bind9, then you will also have users in this
>>> format: dns-dcname, if so do the same for these users.
>>> you should also remove gidNumber attributes from these groups:
>>> cert publishers
>>> ras and ias servers
>>> allowed rodc password replication group
>>> denied rodc password replication group
>>> enterprise read-only domain controllers
>>> domain guests
>>> domain computers
>>> domain controllers
>>> schema admins
>>> enterprise admins
>>> group policy creator owners
>>> read-only domain controllers
>> What's about the groups Administrators and Users in the Builtin folder?
> Sorry, missed off 'Administrators', not sure which users you are
> referring to here.
There is the Group "BUILTIN\Administrators", which has a custom
GIDnumber at the moment. Should it have an Unix GID also? Is there a
Unix Group "root" with GID 0?
>> Is it recommended to stop source / destination DC while the export/
>> At the moment I have cronjob rsyncing the sysvol directory. In that
>> case it would be better to sync it manually in the future.
> see here:
That worked well, thank you :-)
More information about the samba