Thursday, January 4, 2018

Not all Active Directory users appear when using getent passwd - Joining Linux to Active Directory

We set up some Ubuntu 16.04 LTS workstations with Active Directory integration. It works with Evolution with EWS support and passes on the credentials, which is super nice. But not all of our Active Directory users could log in.

If I ran wbinfo -i I would get all the users in AD.
If I ran getent passwd I would get a subset of my AD users, specifically older accounts.

What I finally found was this: Most tutorials tell you to put the following lines in /etc/samba/smb.conf

idmap uid = 10000-20000
idmap gid = 10000-20000

What those lines do is translate your Active Directory SID to a Unix UID (and GID). It does this by taking the last section of your SID (the relative identifier, or RID) and adding 10000, the low end of the range, to get your new UID. So, for example, if my SID ends in -0900 my UID would be 10900 (900 + 10000 = 10900).

The problem is that we've had the same domain for many, many years, so our RIDs are getting up there. A recent user had an SID ending in -29111, so his UID became 39111, which was past the range set up above. Anyone above that range isn't given a UID and therefore can't log in.

To fix this I changed the lines in /etc/samba/smb.conf to

idmap uid = 10000-100000
idmap gid = 10000-100000

After doing so and restarting the client for good measure, all my Active Directory accounts appeared when I ran getent passwd.
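The arithmetic above is easy to check without touching a domain. The following script is an added example, not code from this post or from Samba: it parses a domain SID, pulls out the RID, applies the UID = low + RID rule described above, and reports which accounts fall outside a configured range. The SIDs are constructed sample values with a placeholder domain portion; only the RIDs 900 and 29111 come from the post.

```python
"""Reproduce the RID-to-UID mapping from the post and find accounts that
would silently vanish from 'getent passwd' under a too-small idmap range.

Illustration code, not Samba's implementation. SIDs below are constructed;
the domain sub-authorities are placeholders."""
import re

# A domain account SID looks like S-1-5-21-<three domain sub-authorities>-<RID>.
# The RID (relative identifier) is the last dash-separated component.
SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")


def rid_from_sid(sid: str) -> int:
    """Extract the RID from a domain SID; reject well-known or malformed SIDs."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a domain account SID: {sid}")
    return int(m.group(1))


def map_sid_to_uid(sid: str, low: int, high: int):
    """UID = low + RID, as the post describes; None if the result leaves the range."""
    uid = low + rid_from_sid(sid)
    return uid if low <= uid <= high else None


def check_users(users, low, high):
    """Split (name, sid) pairs into those that get a UID and those that do not.

    Accounts in the second list are exactly the ones that show up in
    'wbinfo -i' but are missing from 'getent passwd'."""
    mapped, unmapped = {}, []
    for name, sid in users:
        uid = map_sid_to_uid(sid, low, high)
        if uid is None:
            unmapped.append(name)
        else:
            mapped[name] = uid
    return mapped, unmapped


# Constructed sample accounts: placeholder domain part, RIDs taken from the post.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
USERS = [
    ("olduser", f"{DOMAIN}-900"),    # RID 900   -> UID 10900 in either range
    ("newuser", f"{DOMAIN}-29111"),  # RID 29111 -> UID 39111, lost with 10000-20000
]

OLD_RANGE = (10000, 20000)    # the range most tutorials give
NEW_RANGE = (10000, 100000)   # the range that fixed the problem

if __name__ == "__main__":
    for label, (low, high) in (("old", OLD_RANGE), ("new", NEW_RANGE)):
        mapped, unmapped = check_users(USERS, low, high)
        print(f"{label} range {low}-{high}: mapped={mapped} unmapped={unmapped}")
```

Two things the script makes visible: a user with a RID just past the ceiling is dropped silently, with no error anywhere except a missing login, so a quick comparison of the RID of your newest account against the configured high end is a cheap check to add to a workstation build. And because the UID is computed from the low end of the range, raising only the high end (as done here) keeps every existing UID unchanged; lowering or raising the low end would renumber every account and orphan existing file ownership.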
