[Samba] List of users seems truncated or incomplete in file server member of an Active Directory Domain

Rowland penny rpenny at samba.org
Mon Mar 15 15:31:18 UTC 2021

On 15/03/2021 15:12, David PAUGAM via samba wrote:
> Hello all, Rowland,
> thank you again for your help.
> It's now resolved.
> The cause was the difference between the ID range in Active Directory, 
> which was high for the last accounts, and the range of the rid backend.

> Rid backend was set up to deliver RID numbers from 10 000 to 999 999
> And in Active Directory, the RID range is up to 3 200 000 . I don't 
> know why it's so high, as I'm not the AD Admin.

i mentioned that in my second reply to this thread, I sort of expected 
you to check 😁

As for why the RID's are so high, you could have over 3 million users, 
groups etc, or you could have a lot of DC's that are replaced regularly 
(you get a new rid pool on each new DC).

> So, I changed the smb.conf to
>   idmap config MYDOM : backend = rid
>   idmap config MYDOM : range = 10000-99999999
> And all the accounts are now available!
> Is there any risk of that high numbers?

Just as long as they are unique, then no.


More information about the samba mailing list