Weird configuration found in LDAP for domains

I was looking for details about my samba ad domain KIT-GROUP because I feel that my RID pool feels messy because different queries on it return 2 different domain SID parts what I find completely unexpected. Any thoughts what the reason could be for this? I stumbled over this because the check for wellknwosids fails and the assignment for file owners are messy because they end ab with the GID which belongs to that fake domain WORKGROUP. Any ideas how to fix this?

Help or ideas are very appreciated


I was asking the directory as follows for the domain SID:

univention-ldapsearch objectClass=sambaDomain sambaSID

The answer return 2 entries. I feel that’s unexpected.

WORKGROUP, kit-group.intern

dn: sambaDomainName=WORKGROUP,dc=kit-group,dc=intern

sambaSID: S-1-5-21-2656981836-3923887624-1501411116

KIT-GROUP, samba, kit-group.intern

dn: sambaDomainName=KIT-GROUP,cn=samba,dc=kit-group,dc=intern

sambaSID: S-1-5-21-4109325069-491103998-3334682319

search result

search: 3

result: 0 Success

numResponses: 3

numEntries: 2