On Sat, 29 Jun 2024 12:05:32 -0400
Sonic via samba <samba at lists.samba.org> wrote:
> On Sat, Jun 29, 2024 at 11:50?AM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > Have you given Domain Admins a gidNumber attribute ?
> Not sure. Should that group have one? How do I check that?
No it shouldn't have one
Run 'getent group DOMAIN\\Domain\ Admins', if it returns an ID not in
the '3000000' range, it has a gidNumber
>
> > Did you run 'net cache flush' after making the change ?
> No, I did not.
Then it would use the ID from the cache.
>
> > Are you syncing idmap.ldb between the DCs ?
> Totally separate domains.
>
So you only have one DC in each domain ? that is not a good idea.
Rowland