AD integration GID/UID management

I am brand-new to RHEL, coming from a Windows-driven environment. I'm first looking to deploy a WordPress-enabled intranet site for our company with MS AD-integrated permissions, and so am looking to set up my first RHEL server to use AD logons. I've set up my RHEL server as an AD member via the SSSD configuration (no problem there), and have the settings placed to read GID/UID info from AD.

And there's the stop, after finding that going forward (when/if I implement Server 2016), I'll need to manage GIDs/UIDs myself as the old MS-supported methods for this have been deprecated.

So I'm using PowerShell to script this management. Three parts:
1. Group GIDs. Read all existing GIDs, get the maximum GID present. Then add GIDs to groups without them, incrementing from the current max GID.
2. User UIDs. Read all existing UIDs, get the maximum UID present. Then add UIDs to users without them, incrementing from the current max UID.
3. Read User accounts again, getting their Primary Group and its GID, and setting each user account's GID to be their Primary Group's GID.

My questions to you:
1. If I begin at GID/UID 1000000, do you see any issues with numbering?
2. Are there any oversights/gotchas to this plan?
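
The three steps described in the post, sketched as an added PowerShell example; it is not the poster's script. It assumes the ActiveDirectory RSAT module and the RFC 2307 attributes `uidNumber`/`gidNumber`; `$Floor` (the 1000000 start value from the question) and the helper `Get-NextId` are illustrative names.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the poster's script. Assigns RFC 2307 uidNumber/gidNumber in AD.
# Assumptions: $Floor is the 1000000 start value from the question;
# Get-NextId is a hypothetical helper. Invoke with -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess)]
param([int]$Floor = 1000000)

function Get-NextId {
    param([int[]]$Existing, [int]$Floor)
    # One past the highest ID already at or above the floor, else the floor itself.
    $used = @($Existing | Where-Object { $_ -ge $Floor } | Sort-Object)
    if ($used.Count -eq 0) { return $Floor }
    return $used[-1] + 1
}

# Step 1: give every group that lacks a gidNumber the next free GID.
$groups = @(Get-ADGroup -Filter * -Properties gidNumber)
$nextGid = Get-NextId -Existing ($groups.gidNumber | Where-Object { $_ }) -Floor $Floor
foreach ($g in $groups | Where-Object { -not $_.gidNumber }) {
    if ($PSCmdlet.ShouldProcess($g.DistinguishedName, "set gidNumber=$nextGid")) {
        Set-ADGroup -Identity $g -Replace @{ gidNumber = $nextGid }
    }
    $nextGid++
}

# Step 2: give every user that lacks a uidNumber the next free UID.
$users = @(Get-ADUser -Filter * -Properties uidNumber)
$nextUid = Get-NextId -Existing ($users.uidNumber | Where-Object { $_ }) -Floor $Floor
foreach ($u in $users | Where-Object { -not $_.uidNumber }) {
    if ($PSCmdlet.ShouldProcess($u.DistinguishedName, "set uidNumber=$nextUid")) {
        Set-ADUser -Identity $u -Replace @{ uidNumber = $nextUid }
    }
    $nextUid++
}

# Step 3: copy each user's primary group GID onto the user's gidNumber.
foreach ($u in Get-ADUser -Filter * -Properties PrimaryGroup, gidNumber) {
    $gid = (Get-ADGroup -Identity $u.PrimaryGroup -Properties gidNumber).gidNumber
    if (-not $gid) { Write-Warning "$($u.SamAccountName): primary group has no GID"; continue }
    if ($u.gidNumber -ne $gid -and
        $PSCmdlet.ShouldProcess($u.DistinguishedName, "set gidNumber=$gid")) {
        Set-ADUser -Identity $u -Replace @{ gidNumber = $gid }
    }
}
```

Each step reads the current maximum once and then writes, so two concurrent runs can hand out the same ID. Under `-WhatIf`, step 3 warns for any group that step 1 would have numbered, because nothing was written.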

Responses