Hi,

After running samba-tool ntacl sysvolreset, it seems that the GPO (files and directories) ends up with group SIDs set as user ACLs as well as the group ones:

    # file: GPT.INI
    # owner: 3000000
    # group: BIGON\134domain\040admins
    user::rwx
    user:3000004:rwx
    user:3000012:r-x
    user:3000019:r-x
    user:3000022:rwx
    group::rwx
    group:BIGON\134domain\040admins:rwx
    group:BIGON\134enterprise\040admins:rwx
    group:NT\040AUTHORITY\134authenticated\040users:r-x
    group:NT\040AUTHORITY\134enterprise\040domain\040controllers:r-x
    group:NT\040AUTHORITY\134system:rwx
    mask::rwx
    other::---

    # wbinfo --uid-to-sid=3000000
    S-1-5-21-1392674437-3576424776-2708817219-512
    # wbinfo --uid-to-sid=3000004
    S-1-5-21-1392674437-3576424776-2708817219-519
    # wbinfo --uid-to-sid=3000012
    S-1-5-11
    # wbinfo --uid-to-sid=3000019
    S-1-5-9
    # wbinfo --uid-to-sid=3000022
    S-1-5-18

Closing this bug report. Windows groups can own folders and files. To do this on Linux, they are mapped to 'ID_TYPE_BOTH' in idmap.ldb; this means that a group can also be a user on a DC.
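
The following is an added example, not part of the original thread or of Samba's code. It is a sysvol ACL audit sketch that treats a numeric `user:` entry as expected only when it is the ID_TYPE_BOTH twin of a `group:` entry with the same permissions, and reports any other. The function names are hypothetical, and the SID-to-name table is an assumption built from well-known SIDs (the thread only shows `--uid-to-sid` output).

```python
import re

# getfacl output as posted in the report above
GETFACL = r"""# file: GPT.INI
# owner: 3000000
# group: BIGON\134domain\040admins
user::rwx
user:3000004:rwx
user:3000012:r-x
user:3000019:r-x
user:3000022:rwx
group::rwx
group:BIGON\134domain\040admins:rwx
group:BIGON\134enterprise\040admins:rwx
group:NT\040AUTHORITY\134authenticated\040users:r-x
group:NT\040AUTHORITY\134enterprise\040domain\040controllers:r-x
group:NT\040AUTHORITY\134system:rwx
mask::rwx
other::---"""
# wbinfo --uid-to-sid results as posted in the report
XID_TO_SID = {"3000004": "S-1-5-21-1392674437-3576424776-2708817219-519",
              "3000012": "S-1-5-11", "3000019": "S-1-5-9", "3000022": "S-1-5-18"}
# Assumed name resolution (well-known SIDs and RID 519), spelled like the
# group: lines above; on a DC this would come from a SID-to-name lookup.
SID_TO_GROUP = {XID_TO_SID["3000004"]: r"BIGON\enterprise admins",
                "S-1-5-11": r"NT AUTHORITY\authenticated users",
                "S-1-5-9": r"NT AUTHORITY\enterprise domain controllers",
                "S-1-5-18": r"NT AUTHORITY\system"}

def unescape(name):
    # getfacl prints special characters as \ooo octal: \134 = backslash, \040 = space
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse_acl(text):
    """Return ({xid: perms}, {group name: perms}) for the named ACL entries."""
    users, groups = {}, {}
    for line in text.splitlines():
        kind, _, rest = line.partition(":")
        name, _, perms = rest.rpartition(":")
        if name and kind == "user":
            users[name] = perms
        elif name and kind == "group":
            groups[unescape(name)] = perms
    return users, groups

def unpaired_user_aces(text):
    """xids of user: entries with no same-permission group: twin."""
    users, groups = parse_acl(text)
    return [xid for xid, perms in users.items()
            if groups.get(SID_TO_GROUP.get(XID_TO_SID.get(xid))) != perms]
```

On the ACL from the report, `unpaired_user_aces(GETFACL)` returns an empty list, which matches the explanation given when the bug was closed.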