This is a problem caused by a dumb configuration change in Windows 2003 ADS. If you have a MCSE code monkey who believes that 'If you can do it in the GUI then it must be legal', then this can cause severe stress, elevated blood pressure and hair loss. It is postulated that this is the horribly mutilating bug that caused an ancient group of monkeys to lose most of their beautiful shiny fur and move to North Africa to build beautiful shiny pyramids. 1. Create a new Organizational Unit OU1 with a security group group1 and user user1 in Windows ADS. 2. Make user1 a member of group1. 3. In a Linux ADS member server, verify that group and user enumeration is on in smb.conf. 4. Verify that 'wbinfo -g' and 'wbinfo -u' work as expected and list all groups and users. 5. Create a new OU2 in Windows ADS next to OU1. 6. Drag group1 from OU1 to its new neighbour OU2. Windows will pop up a warning that this isn't exactly a good idea. Invoke the 'See no Evil' monkey and ignore the warning. 7. Now see that 'wbinfo -g' only returns the BUILTIN groups and 'wbinfo -u' returns nothing at all. If you are adventurous, see that the user1 login also doesn't work anymore. 8. Delete the two OUs and their offending contents and see that everything works again. Sigh, Windows, grumble...