On ma, 24 kesä 2019, Marc Boorshtein via FreeIPA-users wrote:
>
> Since it is a new user I wonder if maybe the RID is larger than 200000?
> For automatic id-mapping a range of 200000 IDs is used by default and if
> the RIDs become higher a new range should be added.
>
>
Whats the RID attribute in AD?
Just check the last component of the SID in AD. If
you are using Active
Directory Users and Computers snap-in, then enable 'Advanced features'
and check 'Attribute Editor' in the user's properties, there will be
'ObjectSid' attribute.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland