As usual I’m allways visite my blog to read the manual from samba, because i had always got the problem from samba. So i wrote the documentation, I know I will have to come back here to find it hehehe 
The following steps describe how to make Samba PDC users members of the Domain Admins group.
1. Create a UNIX group (usually in /etc/group); let’s call it domadm.
2. Add to this group the users that must be “Administrators”. For example, if you want joe, john, and mary to be administrators, your entry in /etc/group will look like this:
ntadmin:x:502:henry,flubber
3. Map this domadm group to the “Domain Admins” group by executing the command:
# net groupmap add ntgroup=”Domain Admins” unixgroup=ntadmin rid=512 type=d
The quotes around “Domain Admins” are necessary due to the space in the group name. Also make sure to leave no white space surrounding the equal character (=).
It is possible to map any arbitrary UNIX group to any Windows NT4/200x group as well as to make any UNIX group a Windows domain group. For example, if you wanted to include a UNIX group (e.g., acct) in an ACL on a local file or printer on a Domain Member machine, you would flag that group as a domain group by running the following on the Samba PDC:
root# net groupmap add rid=1000 ntgroup=”Accounting” unixgroup=acct type=d
User Default RIDs
| Well-Known Entity |
RID |
Type |
Essential |
| Domain Administrator |
500 |
User |
No |
| Domain Guest |
501 |
User |
No |
| Domain KRBTGT |
502 |
User |
No |
| Domain Admins |
512 |
Group |
Yes |
| Domain Users |
513 |
Group |
Yes |
| Domain Guests |
514 |
Group |
Yes |
| Domain Computers |
515 |
Group |
No |
| Domain Controllers |
516 |
Group |
No |
| Domain Certificate Admins |
517 |
Group |
No |
| Domain Schema Admins |
518 |
Group |
No |
| Domain Enterprise Admins |
519 |
Group |
No |
| Domain Policy Admins |
520 |
Group |
No |
| Builtin Admins |
544 |
Alias |
No |
| Builtin users |
545 |
Alias |
No |
| Builtin Guests |
546 |
Alias |
No |
| Builtin Power Users |
547 |
Alias |
No |
| Builtin Account Operators |
548 |
Alias |
No |
| Builtin System Operators |
549 |
Alias |
No |
| Builtin Print Operators |
550 |
Alias |
No |
| Builtin Backup Operators |
551 |
Alias |
No |
| Builtin Replicator |
552 |
Alias |
No |
| Builtin RAS Servers |
553 |
Alias |
No |
Check groupmap
net groupmap list
Remote Desktop User (S-1-5-21-2081528928-1204200937-4262487566-1000) -> remotedesk
Accounting (S-1-5-21-2081528928-1204200937-4262487566-1001) -> acct
Domain Admins (S-1-5-21-2081528928-1204200937-4262487566-512) -> ntadmin
Renaming a NIC on SUSE and openSUSE »« Convert Firefox 3 cookies.sqlite to cookies.txt
