Re: [Samba] syscolcheck error / Could not convert sid S-1-5-32-544 to uid
- Date: Fri, 25 May 2018 17:44:30 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] syscolcheck error / Could not convert sid S-1-5-32-544 to uid
On Fri, 25 May 2018 17:16:09 +0100
Jonathan Hunter via samba <samba@xxxxxxxxxxxxxxx> wrote:
> Hi Rowland
> On 25 May 2018 at 16:09, Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> > The problem with sysvolcheck & sysvolreset is they have never used
> > the Owner, group and ACLs that windows uses. Having said that, as
> > long as no BULTIN or DOMAIN user or group (except Domain Users) has
> > a uidNumber or gidNumber AND you haven't added any extra GPOs, it
> > will work, you just have to ignore that error message.
> > When you add ANY extra GPOs, then never ever use sysvolcheck or
> > sysvolreset. You should also never give Domain Admins a gidNumber
> > attribute, this turns the windows group into a Unix group. You are
> > now probably thinking 'what?', a group is just a group, right ?
> > Well, no, a Windows group can do something that no Unix group can,
> > it can own files and directories and guess what needs to own files
> > and directories in sysvol ??
> Thank you for the clear summary here, that really explains the issues.
> I've spotted a section on the wiki that now appears out of date -
> contradicts what I believe is more current advice e.g. from Louis, to
> use the Windows tools instead
> Is there an 'owner' for any of this info on the wiki, or should I
> just go ahead and edit? (in this instance, perhaps remove that FAQ
> entry as it is misleading now?)
Provided you have registered, anybody can edit the wiki and in fact
edits (as long as they are accurate) are very welcome.
To unsubscribe from this list go to the following URL and read the