On 2/12/22 07:03, Michael Tokarev via samba wrote:> Hi!
>
> On *nix, it is common to assign user its own group
> of the same name. On linux with shadow-utils (the
> standard tools to add/remove users), user-own group
> is the default and one need to specify an option when
> creating new user to turn that off.
>
> But in windows world, users and groups seem to be in
> the same namespace.
>
> How to manage such "personal groups" in the windows/AD
> world (when we're talking about *moving* local users
> to AD instead of having them both in AD and locally)?
> Should I give the "personal group" some prefix for
> example, like g-mjt for the mjt group?
>
If your user is in AD, Samba creates a group for you matching the user
name automatically. Since AD doesn't allow this, as you mention, I think
this group exists only in a local Samba database, but an expert will
need to chime in here.
Yes, the single dumbest thing about AD is the flat namespace across the
domain. No idea why an adult didn't get involved when they were
designing this.
> Thanks,
>
> /mjt
>