MS Exchange

Jan Kratochvil short at
Wed Sep 15 17:38:26 GMT 1999

> >> 	If prior to, then the SID thing could be your problem, and I'd try
> >> 	re-installing the Exchange server, or, better yet, setting up a new 
> >> 	one for testing purposes that only knows about the Samba PDC.
> >
> >  Yes, it will be probably the only possible solution as I see. I just have
> >some fear with complete settings and data transfer to be done then from 'old'
> >to 'new' server.
> Personally I don't blame you at all.  I'd do several things:
> 	1. Backup the exchange server to a new tape
> 	2. Tell users to copy their mail boxes to their local systems as 
> 	   a precaution
> 	3. Build a completely new Exchange server on new hardware and after you
> 	   get it working properly with the Samba PDC try and import the data 
> 	   from the old Exchange server.  If this fails, you have the backup
> 	   tape, if that fails, the users have their local copy.

  We've even done a physical copy (device byte-by-byte) to be sure. Only domain
rejoin has to be done then due to changed machine trust account but I think
that otherwise it is safe. You just have to be careful about x86 4GB file
limitation (and use another device to store it instead).

> >  The old domain controller was, of course, shut down during the testing (in
> >night hours, some backups failed but who cares about them :-) ).
> Right, but the Exchange server wasn't, which means it's trying to authenticate 
> against the old PDC, which has a different SID than the Samba one.

  The machine itself was rejoined to new domain. But I can't be sure about
Exchange server software itself, I agree.

> >  Personally I think that the problem is that some vital files of Exchange
> >are owned by the original NT user Exchange account and by logging Exchange
> >as someone else it no longer has the needed permission for its local files.
> >But I don't know how to solve it, I'm not much NT-experienced.
> Well, I don't so much think that it's a vital file, rather a registry entry 
> for Exchange that keeps track of the SID of the PDC.

  Well, I'll provide here some part of the mail from Al Margolis <al at>
who has been very helpful:

I have a feeling that Exchange is dependent on the RPC code that is not yet
implemented in SAMBA CVS.  There are a number of places where it enumerates
users.  It is also tightly integrated with User Admin for Domains so I
could imagine that Microsoft "forgot" to document some service calls.

My particular problem was an exchange server whose "MS Exchange Directory
Service" would not restart after a hard crash (blown power supply,
therefore no shutdown).  The solution was (1) reset privileges on all
msexchg directories to full control for Administrators, System and Everyone
and (2) resetting the admin password in Settings/Control Panel/Services
(select failed service, click STARTUP button).  We didn't test between
steps one and two, but my guess is that the password was the culprit.  I
don't like that "Everyone", but Microsoft assured me that it was necessary
and safe.

  Also Al Margolis pointed out that there is a very good source of information
in Knowledge Base, although it is scattered all over the place and hard to

> >    4. Go to User Manager for Domains.
> >    5. Click on Policies from the title bar menu, and select User Rights.
> >    6. Select the option for Advanced User Rights.
> >    7. In the drop-down list, verify that the following rights have been
> > granted to the service account:
> >     Act as part of the operating system
> >     Back up files and directories
> >     Log on as a service
> >     Restore files and directories
> >
> >
> >  But when User manager functionality is not yet implemented in Samba, is
> > there any possibility to set it in Samba server itself (even in its sources
> > if it is just tweaking some Samba tables).
> I don't know the answer to this.  You'll have to check the Samba DOCS.  I 
> recommend getting Gerry Carter's "TYS Samba in 24 Hours" or the new O'Reilly 
> book on Samba.  In addition, look in the docs/ directory and read through all 
> that stuff.  I seem to remember something mentioning SIDs in there.  John 

  I've read docs/ several times already. Even all the slides at,
BTW I suggest reading those slides to everyone, it cleared out a lot of things
to me and the text I found very well written and entertaining.

> Blair's book, though written for pre 2.x Samba, has a very good explanation of 
> SIDs as well if I recall correctly.

  I should get it, I haven't yet read any paper-written text on Samba.

> Well, you could switch to sendmail and POP3/IMAP clients, then Exchange is 
> no longer a problem :)

  Tech support would welcome it but people are using the time manager, work
lists etc., I'm not forced to use it myself but simply due to all these
features the removal of Exchange is unfortunately not a solution now.

> Seeya,
> Paul

  I'm currently not in a situation when I can try to move the whole network
under Samba PDC but I'll try it during next several (3-4) weeks, I hope.
Anyway I know that I'll have to do fresh install of Exchange at the start
next time.

							Jan Kratochvil

More information about the samba-ntdom mailing list