samba - Nov 2025 - Backend RID and UNIX Primary Group...

I have clear the purpose of:

	idmap config SAMDOM:unix_primary_group = yes

in 'AD' backend, but for RID backend how it is defined/calculated?


In manpages and wiki there's some reference about 'calculated by
primaryGroupID', but most of them are related to AD backend and not RID
backend, and i'm a bit confused...


In RID backend all users get primary group 'Domain Users' or the group
defined as 'primaryGroupID'?


Thanks.

--

On Mon, 10 Nov 2025 13:16:59 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> 
> I have clear the purpose of:
> 
> 	idmap config SAMDOM:unix_primary_group = yes
> 
> in 'AD' backend, but for RID backend how it is defined/calculated?
> 
> 
> In manpages and wiki there's some reference about 'calculated by
> primaryGroupID', but most of them are related to AD backend and not
> RID backend, and i'm a bit confused...
> 
> 
> In RID backend all users get primary group 'Domain Users' or the
group
> defined as 'primaryGroupID'?
> 
> 
> Thanks.
> 
If you use the 'rid' idmap backend all users get Domain Users as their
primary group ID, an example:

id rowland
uid=11104(rowland) gid=10513(domain users) groups=10513(domain
users)..........

but the users also get their own private group:

getent group rowland
rowland:x:11104:rowland

This comes from Samba and the 'rid' backend.

You can change a user primary group by pointing their 'primaryGroupID'
at a different RID, but you would also have to join the user to
the Domain Users group. Windows expects every user to be a member of
Domain Users, so there is little point in changing the users primary
group.

Rowland