UID mapping with Active Directory: implications of NOT mapping?

Valued Contributor III

We're planning a domain migration and are currently mapping local UID/GID to an AD attribute. We're considering removing the mapping during the migration and are wondering what sort of issues that may create down the line (obviously we would re-permission local files during the migration to address that angle).

Has anyone run across problems accessing files on local/network drives in an AD environment if the local UID changes for a user after, say, a re-image? Any other issues I may not be considering?


Contributor III

I am in a University environment, and yes, we did run into issues with fileshare access. We had some people who, for convoluted reasons, had their accounts recreated with different UIDs. Although the impact was limited by them being few in number, it was still enough of an annoyance that I'd recommend avoiding changing UIDs if at all possible. If you do, don't just repermission local files, delete the local account and let it get recreated with the existing repermissioned profile.

If you need to find the UID before remapping to the default settings:

  1. Obtain the value of the GeneratedUID key.
  2. Truncate it to the first 8 digits.
  3. If the value exceeds 0x80000000, subtract 0x80000000.
  4. Convert to decimal.