samba - Sep 2017 - SOLVED: BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND

> I feel I can tell you this without breaking any confidences, the OP
sent me their idmap.ldb and the problem boiled down to these three DNs>>
CN=S-1-5-32-545> CN=S-1-5-32-544> CN=S-1-5-32-546> > The
classicupgrade
seems to set these to 'ID_TYPE_GID' instead of
'ID_TYPE_BOTH'.>>
RowlandI can confirm this. After changing 'ID_TYPE_GID' to
'ID_TYPE_BOTH' on these three CN= winbind works well. 
So there is no errors. Also Louis' script works
well;)
> This was hard to decipher, but I think I understand it>> You need to
make some choices about your fileservers, do you need to move data
between them ? if you do, then you need to use the winbind> 'ad'
backend
to ensure the data retains the correct ownership. If you don't, then you
can use the 'rid' backend, this doesn't add anything to AD.Sorry for
that mess, I don't know why mailserver did it.
In 99% cases we don't move data between them, so I have to consider it.

Thank everyone very much. In the first place Rowland for help me fix it
and for clarifying how ID mapping works.
I found one more problem, but I'll leave it for tomorrow;)
Jiří

On Wed, 06 Sep 2017 17:07:42 +0200
Jiří Černý via samba <samba at lists.samba.org> wrote:
> > I feel I can tell you this without breaking any confidences, the OP
> sent me their idmap.ldb and the problem boiled down to these three
> DNs>> CN=S-1-5-32-545> CN=S-1-5-32-544> CN=S-1-5-32-546>
> The
> DNs>> classicupgrade
> seems to set these to 'ID_TYPE_GID' instead of
'ID_TYPE_BOTH'.>>
> RowlandI can confirm this. After changing 'ID_TYPE_GID' to
> 'ID_TYPE_BOTH' on these three CN= winbind works well. 
> So there is no errors. Also Louis' script works well;)
> > This was hard to decipher, but I think I understand it>> You
need to
> make some choices about your fileservers, do you need to move data
> between them ? if you do, then you need to use the winbind> 'ad'
> backend to ensure the data retains the correct ownership. If you
> don't, then you can use the 'rid' backend, this doesn't add
anything
> to AD.Sorry for that mess, I don't know why mailserver did it.
> In 99% cases we don't move data between them, so I have to consider
> it.
> 
You may get away with using the 'rid' backend, but this will have to be
your choice, but whatever you choose, I am sure we can help you get to
a working domain.

Rowland