[Samba] Get id mapping for builtin users and groups on AD DC

Rowland Penny rpenny at samba.org
Sat Aug 19 17:13:32 UTC 2023

On Sat, 19 Aug 2023 18:22:32 +0200
Peter Milesson via samba <samba at lists.samba.org> wrote:

> Hi folks,
> I have got two DCs and I want to check that the builtin ids are equal
> on both DCs. I have searched extensively, but I have not found what
> tool to use to get this information.

I take it by 'builtin ids' you mean the users and groups stored in
idmap.ldb; if not, can you explain further?

> I do not use winbindd on the DCs.

I hope you mean that you are not setting 'winbind'
in /etc/nsswitch.conf and getent doesn't show your AD users.

> I would be very grateful, if somebody could give me information about
> this.
> Best regards,
> Peter

If you are referring to idmap.ldb, then this is an ID allocating
system and works on a 'first come basis'. This means that when a user
or group contacts idmap.ldb it gets the next available ID on that DC.
As users or groups are unlikely to contact it in exactly the same
order on other DCs, they will get different IDs. This means that you
need to sync idmap.ldb between DCs, usually from the DC that holds the
PDC_Emulator FSMO role to all other DCs.
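
The following is an added example, not part of the original post: a way to check whether two DCs allocated the same IDs, by comparing LDIF text dumps of idmap.ldb taken on each DC (for example with ldbsearch). The sample dumps are constructed, and the attribute names objectSid, xidNumber and type are assumed to match what your dumps contain.

```python
# Constructed sample dumps (not real data). Attribute names are assumed to
# match the LDIF that ldbsearch prints for idmap.ldb records.
DC1_LDIF = """\
dn: CN=S-1-5-32-544
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

dn: CN=S-1-5-32-545
objectSid: S-1-5-32-545
type: ID_TYPE_BOTH
xidNumber: 3000009

dn: CN=CONFIG
xidNumber: 3000020
"""
DC2_LDIF = """\
dn: CN=S-1-5-32-544
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

dn: CN=S-1-5-32-545
objectSid: S-1-5-32-545
type: ID_TYPE_BOTH
xidNumber: 3000004

dn: CN=S-1-5-11
objectSid: S-1-5-11
type: ID_TYPE_BOTH
xidNumber: 3000009
"""

def parse_idmap(ldif):
    """Return {sid: (xidNumber, type)}, skipping records without an objectSid."""
    mapping = {}
    for record in ldif.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        if "objectSid" in attrs and "xidNumber" in attrs:
            mapping[attrs["objectSid"]] = (int(attrs["xidNumber"]), attrs.get("type"))
    return mapping

def compare(a, b):
    """Return (SIDs mapped differently, SIDs only in a, SIDs only in b)."""
    differ = {s: (a[s], b[s]) for s in a.keys() & b.keys() if a[s] != b[s]}
    return differ, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())

if __name__ == "__main__":
    print(compare(parse_idmap(DC1_LDIF), parse_idmap(DC2_LDIF)))
```

In the constructed data, ID 3000009 belongs to S-1-5-32-545 on the first DC and to S-1-5-11 on the second, which is the kind of divergence the first-come allocation described above produces.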

