Univention Bugzilla – Bug 31839
Describe groups
Last modified: 2019-05-28 14:53:12 CEST
Ticket#: 2013052421000972 ] UCS Technikschulung A user asks if there is a description of all the default groups and what they are used for (Manual, extended doc, sdb, wiki) It would be nice if that description would also mention if any and which additional UMC/Printer/Admin/LDAP/... privileges are granted by adding a user to that group. # univention-ldapsearch -xLLL univentionObjectType=groups/group description dn: cn=Domain Admins,cn=groups,dc=schulung0,dc=ucs dn: cn=Domain Users,cn=groups,dc=schulung0,dc=ucs dn: cn=Domain Guests,cn=groups,dc=schulung0,dc=ucs dn: cn=Windows Hosts,cn=groups,dc=schulung0,dc=ucs dn: cn=DC Backup Hosts,cn=groups,dc=schulung0,dc=ucs dn: cn=DC Slave Hosts,cn=groups,dc=schulung0,dc=ucs dn: cn=Computers,cn=groups,dc=schulung0,dc=ucs dn: cn=Administrators,cn=groups,dc=schulung0,dc=ucs dn: cn=Users,cn=groups,dc=schulung0,dc=ucs dn: cn=Guests,cn=groups,dc=schulung0,dc=ucs dn: cn=Power Users,cn=groups,dc=schulung0,dc=ucs dn: cn=Account Operators,cn=groups,dc=schulung0,dc=ucs dn: cn=System Operators,cn=groups,dc=schulung0,dc=ucs dn: cn=Printer-Admins,cn=groups,dc=schulung0,dc=ucs dn: cn=Backup Operators,cn=groups,dc=schulung0,dc=ucs dn: cn=Replicators,cn=groups,dc=schulung0,dc=ucs dn: cn=Enterprise Admins,cn=groups,dc=schulung0,dc=ucs dn: cn=Authenticated Users,cn=groups,dc=schulung0,dc=ucs dn: cn=World Authority,cn=groups,dc=schulung0,dc=ucs dn: cn=Everyone,cn=groups,dc=schulung0,dc=ucs dn: cn=Null Authority,cn=groups,dc=schulung0,dc=ucs dn: cn=Nobody,cn=groups,dc=schulung0,dc=ucs dn: cn=Backup Join,cn=groups,dc=schulung0,dc=ucs description: Group for joining domain controller backup servers dn: cn=Slave Join,cn=groups,dc=schulung0,dc=ucs description: Group for joining domain controller slave servers dn: cn=Nagios Admins,cn=groups,dc=schulung0,dc=ucs description: Group of users with permission to access Nagios web interface dn: cn=UVMM Nodes,cn=groups,dc=schulung0,dc=ucs dn: cn=Domain Controllers,cn=groups,dc=schulung0,dc=ucs description: All domain controllers in the domain dn: cn=Read-only Domain Controllers,cn=groups,dc=schulung0,dc=ucs description: Members of this group are Read-Only Domain Controllers in the dom ain dn: cn=RAS and IAS Servers,cn=groups,dc=schulung0,dc=ucs description: Servers in this group can access remote access properties of user s dn: cn=Domain Computers,cn=groups,dc=schulung0,dc=ucs description: All workstations and servers joined to the domain dn: cn=Cert Publishers,cn=groups,dc=schulung0,dc=ucs description: Members of this group are permitted to publish certificates to th e directory dn: cn=DnsAdmins,cn=groups,dc=schulung0,dc=ucs description: DNS Administrators Group dn: cn=DnsUpdateProxy,cn=groups,dc=schulung0,dc=ucs description: DNS clients who are permitted to perform dynamic updates on behal f of some other clients (such as DHCP servers). dn: cn=Enterprise Read-only Domain Controllers,cn=groups,dc=schulung0,dc=ucs description: Members of this group are Read-Only Domain Controllers in the ent erprise dn: cn=Group Policy Creator Owners,cn=groups,dc=schulung0,dc=ucs description: Members in this group can modify group policy for the domain dn: cn=Schema Admins,cn=groups,dc=schulung0,dc=ucs description: Designated administrators of the schema dn: cn=Denied RODC Password Replication Group,cn=groups,dc=schulung0,dc=ucs description: Members in this group cannot have their passwords replicated to a ny read-only domain controllers in the domain dn: cn=Allowed RODC Password Replication Group,cn=groups,dc=schulung0,dc=ucs description: Members in this group can have their passwords replicated to all read-only domain controllers in the domain dn: cn=Enterprise Domain Controllers,cn=groups,dc=schulung0,dc=ucs
This should rather be part of the group object itself, some of them already have "description" attributes present. The missing ones seem to be created by Samba, so I'm reassigning the bug
http://support.microsoft.com/kb/243330/en-us
Ticket #2014092221000314: UCS technical training 2014-09
This issue has been filed against UCS 3.1. UCS 3.1 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please reopen.
Still lots of undescribed groups: # univention-ldapsearch -xLLL '(&(univentionObjectType=groups/group)(!(description=*)))' dn|sed -ne "s/,$(ucr get ldap/base)//p" dn: cn=Domain Admins,cn=groups dn: cn=Domain Users,cn=groups dn: cn=Domain Guests,cn=groups dn: cn=Windows Hosts,cn=groups dn: cn=DC Backup Hosts,cn=groups dn: cn=DC Slave Hosts,cn=groups dn: cn=Computers,cn=groups dn: cn=Printer-Admins,cn=groups
UCS Technical Training 2019-05-08/09 ...