[Samba] ad-backend: uidNumber set too late

Rowland Penny rpenny at samba.org
Fri Sep 3 12:23:32 UTC 2021

On Fri, 2021-09-03 at 09:56 +0200, L.P.H. van Belle via samba wrote:
> Agreed yes, Rowland made the code for it but as far i know its not in
> samba.

The code was rejected for being too deterministic, even though it was
based on what ADUC used to do, used either the lowest *idNumber in AD
or '10000' (as per ADUC) or whatever the user entered.

Samba has been talking about a better way of doing this since 2012 (at
least) and got nowhere. The problem, from the Samba point of view, is
ensuring that changes only happen on one DC and collisions do not

You can write your own scripts around samba-tool, you just need to know
where msSFU30MaxUidNumber & msSFU30MaxGidNumber live.


More information about the samba mailing list