information about "user manager for domains", local machines and , domains.

Luke Kenneth Casson Leighton lkcl at
Tue Apr 7 16:26:33 GMT 1998

this message is cross-posted to both samba-technical and samba-ntdom.

just realised something, but wanted to a) check it with other people b)
make sure those who _need_ to know do know.

it means that we need a shift in thinking (well, i do, anyway :-) and some
additional programming.

run "usrmgr.exe" for domains (nt server only).  select a _machine_ not a
domain. you get the machine's local accounts up, as if you had run the
program "musrmgr.exe" which is available only for nt workstation.

this ties in with what i mentioned a while back about nt workstations and
nt stand-alone servers.  namely, that the LsaQueryInfoPolicy call with
level 3 gives you the domain that the machine is a member of, along with
the domain SID;  LsaQueryInfoPolicy with level 5 gives you the
_workstation_ name, along with what is presumably the _workstation's_ SID.


in other words, we need a new parameter "machine sid" as well as "domain
sid".  or _do_ we.  i think we probably need to have samba generate the
sids (randomly) in an untoucheable file, with dire warnings added to it as
to the consequences of modifying / deleting it.

samba should generate the machine or domain sid depending on whether it is
configured as a "domain controller" or a "domain member".  once and only

hey, wouldn't it be great to have a PDC that you didn't have to reboot if
you changed the domain name, or made it a BDC instead of a PDC? (small dig


More information about the samba-ntdom mailing list