Information about Active Directory and POSIX primary group settings on NTFS file system


In Active Directory (AD), the “Primary Group” and “Primary Group Name/GID” are separate settings and are not related.

Using the Active Directory Users and Computers snap-in, you can look at the properties of a user object. On the Member Of tab, there is a “Set Primary Group” button, which alters the AD “primary-group-id” attribute. The primary-group-id attribute was added to AD to support products like Services for Mac. Not all resources support a primary-group-id setting.

When Identity Management for Unix (IdMU) has been installed, it adds a Unix Attributes tab. On this tab, there is a “Primary Group Name/GID” combo box, which modifies the Active Directory gidNumber attribute; that attribute is created in the Active Directory schema as part of the IdMU installation process. The “Primary Group Name/GID” setting was first introduced by Services for Unix (SFU) and is only used by the SFU components. On newer versions of Windows Server, the SFU components have been broken out into separate packages such as Identity Management for Unix (IdMU), Services for NFS, and Services for Unix-based Applications (SUA).

More Information

The NTFS file system includes support for a primary group setting. For example, if you create a file with Notepad, the file's primary group value is set to the “Primary Group” configured on the Member Of tab. If a UNIX-based client creates a file on a Windows-based NFS server, the client instead explicitly sends a numeric identifier to be set on the files and folders as the primary group. This can be seen if a group in Active Directory has been assigned the same number as the Group ID.
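
To review both settings side by side for one account, the following added example (not part of the original article) reads the two attributes, resolves each to a group, and optionally shows the primary group recorded on an NTFS file. The function name `Get-PrimaryGroupReport`, the account `jdoe` and the file path are hypothetical; it assumes the RSAT ActiveDirectory module and a domain-joined session.

```powershell
# Added example: assumes the RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

function Get-PrimaryGroupReport {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,  # account to inspect
        [string] $Path                                    # optional file on an NTFS volume
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties primaryGroupID, gidNumber

    # primaryGroupID holds only the group's RID; its SID is the domain SID plus that RID.
    $winSid   = '{0}-{1}' -f $user.SID.AccountDomainSid.Value, $user.primaryGroupID
    $winGroup = Get-ADGroup -Identity $winSid

    # gidNumber on the user is a POSIX GID; look for an AD group assigned the same number.
    $unixGroup = $null
    if ($null -ne $user.gidNumber) {
        $unixGroup = Get-ADGroup -LDAPFilter "(gidNumber=$($user.gidNumber))" |
            Select-Object -First 1
    }

    $report = [ordered]@{
        User           = $user.SamAccountName
        PrimaryGroupID = $user.primaryGroupID          # set from the Member Of tab
        WindowsPrimary = $winGroup.Name
        GidNumber      = $user.gidNumber               # set from the Unix Attributes tab
        UnixPrimary    = if ($unixGroup) { $unixGroup.Name } else { $null }
        SameGroup      = [bool]($unixGroup -and $unixGroup.SID -eq $winGroup.SID)
    }

    if ($Path) {
        # The primary group stored in the file's security descriptor.
        $report.FilePrimaryGroup = (Get-Acl -LiteralPath $Path).Group
    }

    [pscustomobject]$report
}

# Hypothetical account and path, for illustration only.
Get-PrimaryGroupReport -SamAccountName 'jdoe' -Path 'D:\share\example.txt'
```

A `SameGroup` value of `False` means files the account creates locally or over SMB and files it creates over NFS end up with different primary groups, which matters when reviewing group-based access on a share served to both client types.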