+6Hello All,
I was pitted with the task to migrate everyone off of Centrify and onto the Native Active Directory tool. I am at the point where I need to grant the user permissions to their own home folder but when using the following command, I am receiving the dreaded: illegal group name
Example:
Username = TestUser123
Domain = CONTSO
sudo Chown -R TestUser123:"CONTOSODomain Users" /Users/TestUser123I am wondering if the issue has something to do with our multi-domain environment.
+17I usually single quote users or groups when adding the domain in a script, though I don't think that is the issue here.
What happens when you use a numeric group ID instead? (Unfortunately, I honestly don't know what happens when you do that in a multi-domain environment)
+6joshuasee,
I tried your suggestion, and still get the illegal group error.
Do you know how I would get the numeric group ID?
+15@NiclausDutter in terminal, you can type "id" literally just "id" & it will present you with the information you are seeking. May be another way but off the cuff that's my go to without researching.
here is the man page.
ID(1) BSD General Commands Manual ID(1)
NAME
id -- return user identity
SYNOPSIS
id [user]
id -A
id -F [user]
id -G [-n] [user]
id -M
id -P [user]
id -g [-nr] [user]
id -p [user]
id -u [-nr] [user]
DESCRIPTION
The id utility displays the user and group names and numeric IDs, of the
calling process, to the standard output. If the real and effective IDs
are different, both are displayed, otherwise only the real ID is dis-
played.
If a user (login name or user ID) is specified, the user and group IDs of
that user are displayed. In this case, the real and effective IDs are
assumed to be the same.
The options are as follows:
-A Display the process audit user ID and other process audit proper-
ties, which requires privilege.
-F Display the full name of the user.
-G Display the different group IDs (effective, real and supplemen-
tary) as white-space separated numbers, in no particular order.
-M Display the MAC label of the current process.
-P Display the id as a password file entry.
-a Ignored for compatibility with other id implementations.
-g Display the effective group ID as a number.
-n Display the name of the user or group ID for the -G, -g and -u
options instead of the number. If any of the ID numbers cannot
be mapped into names, the number will be displayed as usual.
-p Make the output human-readable. If the user name returned by
getlogin(2) is different from the login name referenced by the
user ID, the name returned by getlogin(2) is displayed, preceded
by the keyword ``login''. The user ID as a name is displayed,
preceded by the keyword ``uid''. If the effective user ID is
different from the real user ID, the real user ID is displayed as
a name, preceded by the keyword ``euid''. If the effective group
ID is different from the real group ID, the real group ID is dis-
played as a name, preceded by the keyword ``rgid''. The list of
groups to which the user belongs is then displayed as names, pre-
ceded by the keyword ``groups''. Each display is on a separate
line.
-r Display the real ID for the -g and -u options instead of the
effective ID.
-u Display the effective user ID as a number.
EXIT STATUS
The id utility exits 0 on success, and >0 if an error occurs.
SEE ALSO
who(1)
STANDARDS
The id function is expected to conform to IEEE Std 1003.2 (``POSIX.2'').
HISTORY
The historic groups(1) command is equivalent to ``id -Gn [user]''.
The historic whoami(1) command is equivalent to ``id -un''.
The id command appeared in 4.4BSD.
BSD September 26, 2006 BSD@Hugonaut I was able to get the group id and tried the command again, like so:
sudo Chown -R TestUser123:124356870 /Users/TestUser123Still getting illegal group name.
+15@NiclausDutter have you tried using the AD users ID instead of the name?
sudo Chown -R 987654321:124356870 /Users/TestUser123
+8@NiclausDutter I would double check the AD binding. The machine may also simply require a reboot after being bound to AD.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
