MS Exchange

James Willard james at
Thu Sep 16 20:40:44 GMT 1999

We have a large network of NT servers, Exchange servers, and a few Samba
boxes. Occasionally for various reasons, we will promote a BDC to a PDC
role, thus making the PDC step down as a BDC. Exchange does not have a
problem with this.

Now, if you're simply creating another domain, naming it the same thing, and
bringing up Samba, that's obviouisly where your problems lie. Unfortunately,
Samba can't be a BDC where you can then promote it, and remove the NT box
that used to be the PDC. That would be the way to do it, since there is a
lot of security information and SIDs that aren't recreated when you create a
new domain.

James Willard, CCNA
james at

> On Thu, Sep 16, 1999 at 01:22:27AM +1000, Paul L. Lussier wrote:
> > 
> > >> 	If after, then did you make sure that it only knows about the Samba 
> > >> 	PDC and not the old domain controller?
> > >
> > >  The old domain controller was, of course, shut down during the testing (in
> > >night hours, some backups failed but who cares about them :-) ).
> > 
> > Right, but the Exchange server wasn't, which means it's trying to authenticate 
> > against the old PDC, which has a different SID than the Samba one.
> If Exchange was keeping track of the PDC's SID, that would mean that
> you can't even switch from one NT PDC to another.
> I can't really believe that.
> (But then again, it is Microsoft... 
> Has anybody got a few spare NT Servers to test? :-)
> Cheers,
> Florian

James D. Willard, CCNA | Linux/FreeBSD/OpenBSD/Novell/Win/DOS/Minix User
james at   | finger james at for PGP Public Key
  #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
  $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1

More information about the samba-ntdom mailing list