Saltstack user.present does not set uid while creating the user

Question

My goal is to have a user with a given uid. I try to have a simple user created with the very basic state:

Add Student:
  user.present:
    - name: Student
    - uid: 333123123123
    - allow_uid_change: True

333123123123 is just some dummy value. I'd like something more meanigful later, but this is what I use for testing.

This creates the user perfectly fine, but with generated uid:

          ID: Add Student
    Function: user.present
        Name: Student
      Result: True
     Comment: New user Student created
     Started: 19:47:33.543457
    Duration: 203.157 ms
     Changes:   
              ----------
              account_disabled:
                  False
              account_locked:
                  False
              active:
                  True
              comment:
              description:
              disallow_change_password:
                  False
              expiration_date:
                  2106-02-07 07:28:15
              expired:
                  True
              failed_logon_attempts:
                  0
              fullname:
                  Student
              gid:
              groups:
              home:
              homedrive:
              last_logon:
                  Never
              logonscript:
              name:
                  Student
              passwd:
                  None
              password_changed:
                  2022-02-21 19:47:33
              password_never_expires:
                  False
              profile:
                  None
              successful_logon_attempts:
                  0
              uid:
                  S-1-5-21-3207633127-2685365797-3805984769-1043

Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 203.157 ms

Now, if I try running state.apply again, I get the following message:

          ID: Add Student
    Function: user.present
        Name: Student
      Result: False
     Comment: Encountered error checking for needed changes. Additional info follows:
              
              - Changing uid (S-1-5-21-3207633127-2685365797-3805984769-1043 -> 333123123123) not permitted, set allow_uid_change to True to force this change. Note that this will not change file ownership.
     Started: 19:47:45.503643
    Duration: 7000.025 ms
     Changes:   

Summary
------------
Succeeded: 0
Failed:    1
------------
Total states run:     1
Total run time:   7.000 s

So it IS being considered, checked and verified - but not working while creating the user. The syntax seems to be confirmed. Why is it not getting applied upon creating the user?

Answer 1

It is possible to change a user's SID, but it requires unsupported registry hacking. Creating a new user with a specific SID would be even harder. Salt won't do that.

If you need to know the SID of a Windows user, you have to create it first and then query it. If you need it in a following state in the same run, then you can use slots.