Bug 15586 - Provisioning does not create groups Enterprise Key Admins, Key Admins, Cloneable Domain Controllers
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.19.5
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2024-02-19 16:28 UTC by Denis Cardon
Modified: 2024-02-19 16:28 UTC
Attachments
Account Unknown ACE of missing groups (36.17 KB, image/png)
2024-02-19 16:28 UTC, Denis Cardon
Description Denis Cardon 2024-02-19 16:28:19 UTC
Created attachment 18253
Account Unknown ACE of missing groups

Provisioning does not create the Enterprise Key Admins, Key Admins, Cloneable Domain Controllers groups.

The groups are missing from the ./source4/setup/provision_users.ldif file.

However, it does create ACLs for those groups, which results in "Account Unknown" ACEs (cf. screen capture).

root@srvads1:~# samba-tool group list
Read-only Domain Controllers
Domain Guests
RAS and IAS Servers
Performance Monitor Users
Domain Users
Distributed COM Users
Print Operators
Performance Log Users
Domain Admins
Account Operators
Denied RODC Password Replication Group
DnsUpdateProxy
Enterprise Read-only Domain Controllers
Certificate Service DCOM Access
Replicator
Terminal Server License Servers
Pre-Windows 2000 Compatible Access
Domain Computers
Incoming Forest Trust Builders
Event Log Readers
Server Operators
DnsAdmins
Protected Users
Enterprise Admins
Allowed RODC Password Replication Group
Cryptographic Operators
Guests
Network Configuration Operators
Schema Admins
Windows Authorization Access Group
Users
Group Policy Creator Owners
Cert Publishers
Backup Operators
Administrators
IIS_IUSRS
Remote Desktop Users
Domain Controllers
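
An audit check for the condition reported above, as an added example that is not part of the original report and not Samba code: it takes `samba-tool group list` output and an SDDL string and returns the ACEs whose trustee is one of the three groups while that group does not exist. The function names, the domain SID and the SDDL string are constructed for illustration; the RIDs 522, 526 and 527 are the well-known Windows values for these groups.

```python
import re

# Well-known domain-relative RIDs of the three groups named in the report.
EXPECTED = {
    522: "Cloneable Domain Controllers",
    526: "Key Admins",
    527: "Enterprise Key Admins",
}

ACE_RE = re.compile(r"\(([^()]*)\)")  # one parenthesised ACE inside an SDDL string


def missing_groups(group_list_output):
    """Names of the expected groups absent from `samba-tool group list` output."""
    present = {ln.strip() for ln in group_list_output.splitlines() if ln.strip()}
    return sorted(name for name in EXPECTED.values() if name not in present)


def dangling_aces(sddl, domain_sid, group_list_output):
    """(ACE, group name) pairs whose trustee SID belongs to a missing group."""
    absent = set(missing_groups(group_list_output))
    hits = []
    for ace in ACE_RE.findall(sddl):
        fields = ace.split(";")
        if len(fields) < 6:          # not a well-formed ACE, skip it
            continue
        prefix, _, rid = fields[5].rpartition("-")   # fields[5] is the trustee
        if prefix == domain_sid and rid.isdigit():
            name = EXPECTED.get(int(rid))
            if name in absent:
                hits.append((ace, name))
    return hits


# Constructed sample data (not taken from a real domain or from Samba's ACLs).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_GROUPS = "Domain Admins\nDomain Users\nProtected Users\nDomain Controllers\n"
SAMPLE_SDDL = (
    "O:DAG:DAD:AI"
    f"(A;;RPWP;;;{DOMAIN_SID}-526)"
    f"(A;;RPWP;;;{DOMAIN_SID}-527)"
    f"(A;;RPLCLORC;;;{DOMAIN_SID}-512)"
    "(A;;RPLCLORC;;;AU)"
)

if __name__ == "__main__":
    print("missing groups:", missing_groups(SAMPLE_GROUPS))
    for ace, name in dangling_aces(SAMPLE_SDDL, DOMAIN_SID, SAMPLE_GROUPS):
        print(f"ACE ({ace}) references missing group {name}")
```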