Hey,
No, that’s wrong — the group must exist in OpenLDAP, too. What’s interesting is that your group is in container cn=groups
instead of cn=Builtin
and lacks a sambaSID
. For comparison, here’s what my group looks like:
# Administrators, Builtin, mbu-test.intranet
dn: cn=Administrators,cn=Builtin,dc=mbu-test,dc=intranet
sambaSID: S-1-5-32-544
gidNumber: 5051
Is administrators
a group you had before you started the migration? If so, it might be worth a try to reset your test environment to before the migration, remove the group and migrate again.
Another possible way forward might be:
- Move the
administrators
group to thecn=builtin
container. - Add the
sambaSID
attribute. - Remove the mapping for 300000 from the
idmap
database. - Check that the
idmap
database has the correct mapping for the newly-movedadministrators
group.
Kind regards,
mosu