Note

When the passdb backend uses LDAP (ldapsam), it is the administrator's responsibility to create the essential domain groups and to assign each its default RID.

It is permissible to create any domain group that may be necessary; just make certain that the essential domain groups (well known) have been created and assigned their default RIDs. Other groups you create may be assigned any arbitrary RID you care to use.

Be sure to map each domain group to a UNIX system group. That is the only way to ensure that the group will be available for use as an NT domain group.
Table 11.1. Well-Known User Default RIDs

| Well-Known Entity | RID | Type | Essential |
|---|---|---|---|
| Domain Administrator | 500 | User | No |
| Domain Guest | 501 | User | No |
| Domain KRBTGT | 502 | User | No |
| Domain Admins | 512 | Group | Yes |
| Domain Users | 513 | Group | Yes |
| Domain Guests | 514 | Group | Yes |
| Domain Computers | 515 | Group | No |
| Domain Controllers | 516 | Group | No |
| Domain Certificate Admins | 517 | Group | No |
| Domain Schema Admins | 518 | Group | No |
| Domain Enterprise Admins | 519 | Group | No |
| Domain Policy Admins | 520 | Group | No |
| Builtin Admins | 544 | Alias | No |
| Builtin users | 545 | Alias | No |
| Builtin Guests | 546 | Alias | No |
| Builtin Power Users | 547 | Alias | No |
| Builtin Account Operators | 548 | Alias | No |
| Builtin System Operators | 549 | Alias | No |
| Builtin Print Operators | 550 | Alias | No |
| Builtin Backup Operators | 551 | Alias | No |
| Builtin Replicator | 552 | Alias | No |
| Builtin RAS Servers | 553 | Alias | No |
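The following check is an added example, not part of the original documentation. It audits group mappings for the three groups the table marks as essential, and assumes input in the `NT name (SID) -> unixgroup` line format printed by `net groupmap list`, with the groups carrying their English default names; the function names, the domain SID and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the essential domain groups from Table 11.1
# are mapped and carry their default RIDs (512, 513, 514).
# Assumed input, one mapping per line:  NT name (SID) -> unixgroup

# Reads mapping lines on stdin. Prints one finding per problem and
# returns 1 if any essential group is missing or has a non-default RID.
check_essential_rids() {
    awk '
    BEGIN {
        want["Domain Admins"] = 512
        want["Domain Users"]  = 513
        want["Domain Guests"] = 514
    }
    # Locate the "(SID) -> " part; the NT group name is everything before it.
    match($0, /\(S-[0-9-]+\) -> /) {
        name = substr($0, 1, RSTART - 2)
        sid  = substr($0, RSTART + 1, RLENGTH - 6)
        n    = split(sid, part, "-")
        rid  = part[n] + 0          # the RID is the last SID component
        if (name in want) {
            seen[name] = 1
            if (rid != want[name]) {
                printf "WRONG_RID: %s has RID %d, expected %d\n", name, rid, want[name]
                bad++
            }
        }
    }
    END {
        # A group absent from the list has no UNIX group mapping at all.
        for (name in want)
            if (!(name in seen)) {
                printf "MISSING: %s (RID %d)\n", name, want[name]
                bad++
            }
        exit (bad > 0)
    }'
}

# Constructed sample input (the domain SID is made up for this example).
sample_groupmap() {
    cat <<EOF
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> domadmins
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-1201) -> users
Engineers (S-1-5-21-1111111111-2222222222-3333333333-3001) -> engineers
EOF
}

# On a live server the input would come from:  net groupmap list
sample_groupmap | check_essential_rids || echo "essential group mappings need attention"
```

Groups other than the three essential ones, such as `Engineers` in the sample, are ignored because the note allows them any RID.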