Mapping Well-Known Windows Account Names

The idmap service supports the mapping of well-known Windows account names, such as the following:

  • Administrator

  • Guest

  • Network

  • Administrators

  • Guests

  • Computers

When idmap rules are added, account names are expanded to canonical form. For a name that is not well known, this process adds the default domain name. For a well-known name, it adds an appropriate built-in domain name. Depending on the particular well-known name, this domain name might be null, BUILTIN, or the local host name.

The following sequence of idmap commands shows the treatment of the name user3, which is not well known, and the well-known names administrator and guest:

$ idmap add winname:user3 unixuser:uthree
add     winname:user3    unixuser:uthree
$ idmap add winname:administrator unixuser:root
add     winname:administrator   unixuser:root
$ idmap add winname:guest unixuser:nobody
add     winname:guest   unixuser:nobody
$ idmap add wingroup:administrators sysadmin
add     wingroup:administrators unixgroup:sysadmin
$ idmap list
add     winname:Administrator@examplehost  unixuser:root
add     winname:Guest@examplehost  unixuser:nobody
add     wingroup:Administrators@BUILTIN unixgroup:sysadmin
add     winname:user3@example.com       unixuser:uthree
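
Because canonical expansion changes the case and domain of a rule, a review of which Windows principals map to privileged Unix identities should read the idmap list output rather than the commands as typed. The following script is an added example, not part of the original documentation: it parses the listing above (embedded as constructed sample input) and marks rules for review. The PRIV_TARGETS variable, the function names, the output format, and the "-" shown for a name without a domain are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: audit canonical `idmap list` rules.
# Well-known names from the list on this page, lower-cased for matching.
WELL_KNOWN="administrator guest network administrators guests computers"
# Unix identities treated as privileged (site-specific assumption; extend as needed).
PRIV_TARGETS="${PRIV_TARGETS:-unixuser:root}"

# Constructed sample input: the `idmap list` output shown above.
sample_rules() {
    cat <<'EOF'
add     winname:Administrator@examplehost  unixuser:root
add     winname:Guest@examplehost  unixuser:nobody
add     wingroup:Administrators@BUILTIN unixgroup:sysadmin
add     winname:user3@example.com       unixuser:uthree
EOF
}

# Reads rules on stdin; prints one line per rule:
#   <REVIEW|ok> <well-known|ordinary> <wintype> <name> <domain or -> <unixtype:name>
audit_idmap_rules() {
    awk -v wk="$WELL_KNOWN" -v priv="$PRIV_TARGETS" '
    BEGIN {
        n = split(wk, a, " ");   for (i = 1; i <= n; i++) known[a[i]] = 1
        n = split(priv, b, " "); for (i = 1; i <= n; i++) sensitive[b[i]] = 1
    }
    $1 == "add" {
        win = ""; ux = ""
        # Scan every field so any option flags after "add" are skipped.
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^win[a-z]+:/) win = $i
            else if ($i ~ /^unix[a-z]+:/) ux = $i
        }
        if (win == "" || ux == "") next
        colon = index(win, ":")
        type = substr(win, 1, colon - 1)
        full = substr(win, colon + 1)
        # Split name@domain on the last "@"; a missing domain is reported as "-".
        name = full; dom = "-"
        if (match(full, /@[^@]*$/)) {
            name = substr(full, 1, RSTART - 1)
            if (RSTART < length(full)) dom = substr(full, RSTART + 1)
        }
        class = (tolower(name) in known) ? "well-known" : "ordinary"
        verdict = (ux in sensitive) ? "REVIEW" : "ok"
        print verdict, class, type, name, dom, ux
    }'
}

sample_rules | audit_idmap_rules
```

On a live system, pipe the output of idmap list into audit_idmap_rules and set PRIV_TARGETS to the privileged accounts and groups used at the site.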