X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=NaMnCbKYYOJ8lVPC
	nue+jgVDBv537x9A5q8pr/WvV+RASM8i8a8rRqYSbcwhlJaNNiVYrD6BTYaEYkMX
	q8i8F9rKU/ROi3Xl4Otxjr7UcCtZNCVM5B6oAXJd9eEK+7UWoNEThdv7GL2CT/wh
	c5UDy95WEN2+XkMAre6bHwKh2j0=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=qzcagB+58VJsPu/lrOaepw
	SIbxk=; b=nQBJRdz5eZhqY55BLeG03KbdeKvYkGlJcP6slFePI0tq7WG3slmUx9
	u3rGBdx0TzN7ClQ7VBh9Fe5v4wy+E0+btwlzOo33X1xt28jO8La7ZmYEKFw4HUJ6
	IQTtmtbFGduqdRck2Lj83C0tY7frMofX4oi9Dq+YcD22D1X2AO2v0=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=-3.1 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 spammy=maayan, Maayan, Apelboim, apelboim
X-HELO:	smtp-out-no.shaw.ca
Reply-To:	Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Subject:	Re: getent doesn't show all domain users
To:	cygwin AT cygwin DOT com
References:	<AM6PR07MB5334FC3FCC1D6BD79438A91A951D0 AT AM6PR07MB5334 DOT eurprd07 DOT prod DOT outlook DOT com>
From:	Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Openpgp:	preference=signencrypt
Message-ID:	<3a2c51fe-894d-8959-70b9-22a9d8f980aa@SystematicSw.ab.ca>
Date:	Mon, 27 May 2019 09:59:53 -0600
User-Agent:	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version:	1.0
In-Reply-To:	<AM6PR07MB5334FC3FCC1D6BD79438A91A951D0@AM6PR07MB5334.eurprd07.prod.outlook.com>
X-IsSubscribed:	yes

On 2019-05-27 03:15, Maayan Apelboim wrote:
> I have a server in the domain (duplicated from another domain if it matters).
> At first "getent passwd" run I see the user from the different domain, but 
> after a few runs it disappears.
> Even after it disappears getent doesn't return all domain users while
> mkpasswd -d returns all users.
> When I try to chown user /home/user I get "invalid user" error - but this
> user exists in the domain.
> After a few restarts to the server or logging with the user the problem is
> solved.
> But I don't have a constant work around that works smoothly.

Systems may have tens to hundreds of local user accounts, and domains may have
hundreds to hundreds of thousands of user accounts.
The system probably caches only active users, and getent enumerates those if no
/etc/passwd file exists, as it was designed to enumerate only a few entries from
local files.
As it is, getent will not even enumerate hosts from the local hosts files or
resolver.

It appears that mkpasswd enumerates all local and system accounts in the
Security Accounts Manager file at $SYSTEMROOT/System32/config/SAM loaded into
/proc/registry/HKEY_LOCAL_MACHINE/SAM/, so it probably does the same for domain
accounts from Active Directory Domain Service.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -