[Samba] UIDs/GIDs for built-in accounts in an AD-DC domain

Michael Tokarev mjt at tls.msk.ru
Sat Nov 19 11:16:43 UTC 2022


16.11.2022 14:31, Rowland Penny via samba wrote:
> On 16/11/2022 11:05, Michael Tokarev via samba wrote:

>> For example, BUILTIN\Administrators is 3000000 on the "second" DC,
>> while it is 3000001 on first.  And 3000001 is Users on second.

> Known problem, the IDs on a DC (which are stored in idmap.ldb) are issued on a first come basis,
> so you are very sure to get different IDs on every Samba AD DC.
>
> This only really affects Sysvol, which you have to sync between DCs, so it is also recommended to sync idmap.ldb to all other DCs.

Why does this affect sysvol only?
Am I right that the builtin users/groups should not be used for
other files somehow?  Who ensures this?

And, can I set the mapping manually, for example, by
using another range, or by specifying the id for a given
entity directly?

Thanks,

/mjt
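
The following is an added example, not part of the original message or of Samba itself: one way to check whether two DCs disagree on the mappings discussed in this thread, by comparing text dumps of each DC's idmap.ldb. The record layout (objectSid, xidNumber, a CN=CONFIG record) is assumed to be what ldbsearch prints for idmap.ldb; the sample dumps are constructed, and the function names are hypothetical.

```python
# Constructed sample dumps in the LDIF layout assumed for
# `ldbsearch -H <private dir>/idmap.ldb`. Administrators' IDs and the second
# DC's Users ID are those quoted in the thread; everything else is made up.
DC1_DUMP = """\
# record 1
dn: CN=CONFIG
lowerBound: 3000000
xidNumber: 3000003

# record 2
dn: CN=S-1-5-32-544
objectSid: S-1-5-32-544
xidNumber: 3000001

# record 3
dn: CN=S-1-5-32-545
objectSid: S-1-5-32-545
xidNumber: 3000002
"""
# Second DC: Administrators -> 3000000, Users -> 3000001.
DC2_DUMP = DC1_DUMP.replace("3000001", "3000000").replace("3000002", "3000001")


def parse_idmap(ldif):
    """Return {sid: xid} for every SID mapping record in an LDIF dump."""
    mappings = {}
    for block in ldif.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                key, value = line.split(": ", 1)
                attrs[key] = value.strip()
        # CN=CONFIG has an xidNumber but no objectSid (assumed layout): skip it.
        if "objectSid" in attrs and "xidNumber" in attrs:
            mappings[attrs["objectSid"]] = int(attrs["xidNumber"])
    return mappings


def compare(first, second):
    """Return (mismatches, collisions) between two {sid: xid} maps."""
    # Same SID, different numeric ID on the two DCs.
    mismatches = {sid: (first[sid], second[sid])
                  for sid in first.keys() & second.keys() if first[sid] != second[sid]}
    # Same numeric ID, different SID: a file copied with its numeric owner
    # belongs to a different principal on the other DC.
    owner_on_second = {xid: sid for sid, xid in second.items()}
    collisions = {xid: (sid, owner_on_second[xid]) for sid, xid in first.items()
                  if owner_on_second.get(xid, sid) != sid}
    return mismatches, collisions
```

With the sample data, compare(parse_idmap(DC1_DUMP), parse_idmap(DC2_DUMP)) reports both BUILTIN SIDs as mismatched and flags 3000001 as a collision: S-1-5-32-544 (Administrators) on the first DC, S-1-5-32-545 (Users) on the second.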


