[Samba] Maintaining Unix Attributes in AD using ADUC?
rpenny at samba.org
Fri Apr 2 10:57:24 UTC 2021
On 02/04/2021 11:22, Matthias Leopold via samba wrote:
> after reading the documentation on RFC2307 attributes in Samba AD I
> still wasn't sure if UID/GID attributes would be _automatically_
> assigned to new users/groups that where added with _ADUC_.
> wiki.samba.org says:
> "When using the ADUC utility, the user and group IDs are automatically
> tracked inside AD and incremented when creating a new user or group."
> "Every time a UID/GID number is assigned using Active Directory Users
> and Computers (ADUC), the next UID/GID number is stored inside the
> Active Directory. By default, ADUC starts assigning UID and GID
> numbers at 10000."
> Now I tried it with a domain where RFC2307 was set up after
> Additionally I set msSFU30MaxUidNumber/msSFU30MaxGidNumber to custom
> I then created a user in ADUC, but uidnumber wasn't assigned, same for
> group and gidnumber. The question is: should these attributes have
> been assigned automatically? Did I miss something or is this not
> supposed to happen?
> To me this is essential, because I want to delegate group creation in
> AD to users, so if automatic GID assignment doesn't work I can't use
> RFC2307 in Samba AD.
Do you have the Unix attributes tabs ? Or to put it another way, are you
using Windows 10 which does not have them ?
Whilst Samba still has the ldap framework that the Unix Attributes tab
relies on (Microsoft called it IDMU), Windows 10 no longer uses (or
You can use samba-tool to create users and groups with RFC2307, but you
will have to maintain the next Unix ID yourself. This is also ADMan, see
More information about the samba