Limiting UID range for new local user accounts

I have several CentOS 4 machines that I decided to have authenticate against a Win2008 DC via LDAPS, so when an Active Directory user logs in with his credentials on a server, it creates the user's directory and sets him up.

Thing is, the servers also have local user accounts (like for customers' webspaces on the webservers, and other misc. local accounts) and after setting up LDAPS authentication, these account UIDs (from 500+) are now being set up in the 10000 range with our AD accounts. The local accounts are either generated by script or manually on the machine.

I just want the two ranges to be separate. The man page for useradd says

-o uid ... The default is to use the smallest ID value greater than 99 and greater than every other user.

Any way around that or to configure it? I'd like to have a distinction between local accounts and AD accounts.


Check out UID_MIN & UID_MAX in /etc/login.defs to control what the range is for local users.


Be on the lookout for /etc/adduser.conf. This conf file is, at least, present on Ubuntu 14.04 LTS and overrides login.defs.

# FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically
# allocated user accounts/groups.
FIRST_UID=1000
LAST_UID=29999
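
An added example, not part of either answer above: a POSIX shell check that reads UID_MAX from a login.defs-style file and LAST_UID from an adduser.conf-style file, then lists passwd entries above the limit, that is, local accounts sitting in the range intended for AD users. The function names and all sample file contents (including UID_MAX 9999) are constructed for illustration.

```sh
#!/bin/sh
# Added example: find local accounts whose UID falls above the local range.

# Last value of KEY in a login.defs-style file ("KEY  VALUE").
login_defs_value() {   # $1=file $2=key
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# Last value of KEY in an adduser.conf-style file ("KEY=VALUE").
adduser_conf_value() { # $1=file $2=key
    awk -F= -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# Print "name:uid" for passwd entries above MAX: local accounts that
# landed in the range meant for directory (AD) users.
uids_above_max() {     # $1=passwd file $2=max
    awk -F: -v max="$2" '$3 + 0 > max + 0 { print $1 ":" $3 }' "$1"
}

# Constructed sample files; the values are illustrative, not from a real host.
write_samples() {      # $1=directory
    cat > "$1/login.defs" <<'EOF'
# comment line
UID_MIN   500
UID_MAX   9999
EOF
    cat > "$1/adduser.conf" <<'EOF'
FIRST_UID=1000
LAST_UID=29999
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
web01:x:501:501::/home/web01:/bin/bash
web02:x:10004:10004::/home/web02:/bin/bash
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
max=$(login_defs_value "$dir/login.defs" UID_MAX)
echo "UID_MIN=$(login_defs_value "$dir/login.defs" UID_MIN) UID_MAX=$max"
echo "adduser.conf LAST_UID=$(adduser_conf_value "$dir/adduser.conf" LAST_UID)"
echo "local accounts above UID_MAX:"
uids_above_max "$dir/passwd" "$max"
rm -rf "$dir"
```

On a real host, point the functions at /etc/login.defs, /etc/adduser.conf and /etc/passwd; only /etc/passwd is read, so directory users resolved through LDAP are not listed.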