[Samba] primary group for AD accounts

Pavel Lisý pavel.lisy at gmail.com
Mon Jun 17 20:29:26 UTC 2024


Hello

I have a testing environment with 2 DC servers and 2 member servers. There is
one thing which I don't understand.

On the DC, the "Domain Users" group shows a different GID:

for "samba-tool" there is GID 513 in LDAP,
but "getent group" or "getent passwd" shows 100

$ sudo samba-tool group show 'domain users'
dn: CN=Domain Users,CN=Users,DC=office,DC=company,DC=com
objectClass: top
objectClass: group
cn: Domain Users
description: All domain users
instanceType: 4
whenCreated: 20240520145130.0Z
uSNCreated: 3885
name: Domain Users
objectGUID: 72200ac6-12aa-4da5-b3bf-3df97371fd36
objectSid: S-1-5-21-716648387-301587334-1432759742-513
sAMAccountName: Domain Users
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=office,DC=company,DC=com
isCriticalSystemObject: TRUE
memberOf: CN=Users,CN=Builtin,DC=office,DC=company,DC=com
gidNumber: 513
whenChanged: 20240615165133.0Z
uSNChanged: 4608
distinguishedName: CN=Domain Users,CN=Users,DC=office,DC=company,DC=com



$ getent group | grep -i users
users:x:100:
BUILTIN\users:x:3000009:
BUILTIN\remote desktop users:x:3000023:
BUILTIN\performance monitor users:x:3000026:
BUILTIN\performance log users:x:3000027:
BUILTIN\distributed com users:x:3000030:
OFFICE\domain users:x:100:
OFFICE\protected users:x:3000043:

$ getent group
OFFICE\administrator:*:0:100::/home/OFFICE/administrator:/bin/bash
OFFICE\guest:*:3000011:3000012::/home/OFFICE/guest:/bin/bash
OFFICE\krbtgt:*:3000015:100::/home/OFFICE/krbtgt:/bin/bash
OFFICE\dhcpduser:*:3000016:100::/home/OFFICE/dhcpduser:/bin/bash
OFFICE\koksy:*:3001:100::/home/OFFICE/koksy:/bin/bash
OFFICE\lupo:*:3002:100::/home/OFFICE/lupo:/bin/bash

How could this be possible?

Pavel

