Am 07.12.2015 um 20:18 schrieb Rowland penny:> On 07/12/15 18:55, Ole Traupe wrote:
>> I always wondered why to reserve 8000 IDs for built-in accounts. I
>> see ~40 built-in groups in ADUC and 2 such users (Administrator and
>> Guest)...
>>
>> Ole
>>
>>
>
> There are more potential users and groups than that, but you are
> correct, you do not actually need that number, it was based on this:
>
> Unix uses 0-999 for system users & groups (yes I know redhat used to
> use 0-499, but they now use 0-999)
Ok, so I will have to face facts when migrating to CentOS 7. :-/
> ADUC starts Unix IDs at 10000
>
> If you use a range for the builtin users & groups above the domain
> range, it could get in the way if your AD domain grows enough, so why
> not put it below the AD range?
> If this is done, where to put it? You will probably require some Unix
> users, so they will start at 1000, hence for ease, 2000 was chosen as
> the start ID for the builtin range and as it could only go upto 9999,
> this was chosen as the end number.
Makes sense. Stupid me thought: what a waste of (non-existent,
non-material) space:
# idmap config *:range = 1000-1999
# idmap config domain:range = 2000-99999
>
> Rowland
>
Can I ask something related? Once I had used '23456' as uid for some
test account, ADUC always wants to go that high, although I have plenty
of space below that. Is there a way to get rid of this behavior?
Ole