Possible cause: 'net sam provision' fails to update the domusers_gid variable when it find the domain admin group. Upon attempting to create the Administrator user, a check of the domadmins_gid value will always fail thus aborting the creation of the Administrator account. . if (domadmins_gid == -1) { d_fprintf(stderr, "Can't create Administrtor user, Domain Admins group not available!\n"); goto done; Also: there is a speling errer in administrtor :) Steps to reproduce: *Create a freshly populated ldap database per the ldapsam:editposix instructions *set the ldap admin password *perform a 'net sam provision' *remove the dn=Administrator,ou=users,dc=samba,dc=org account and *re-run net sam provision. NOTE: The same issue may occur with the Guest user as it appears that the domusers_gid variable will also always be set at -1.
Richard confirmed the bug is fixed Committed patch to 3_0 and 3_0_25