Web lists-archives.com

Re: [Samba] Problem sysvolreset

On Mon, 20 Mar 2017 15:27:33 +0100
Björn JACKE via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On 2017-03-07 at 18:48 +0000 Rowland Penny via samba sent off:
> > It is my recommendation to not give Domain Admins a gidNumber and
> > not to run sysvolreset if you add any GPOs.
> anybody who uses idmap ad on a samba member server should give domain
> users and domain admins a gidnumber actually. This does not affect
> sysvol on a DC in any way unless you enable idmap_ldb:use rfc2307,
> what I would not recommend to do.
> Björn

Hi Bjorn,
You can recommend not doing something until you are blue in the face,
but you will not stop people doing it. ;-)

If you give Domain Admins a gidNumber, it breaks the mapping in
idmap.ldb and stops Domain Admins being able to own files and dirs in
sysvol and Domain Admins needs to own files and dirs in sysvol.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba