extracting SID from user profile

Richard Sharpe rsharpe at richardsharpe.com
Tue Dec 17 17:46:01 GMT 2002


On Tue, 17 Dec 2002, Bradley W. Langhorst wrote:

> I accidentally wiped out my /etc/samba directory 
> during an upgrade so I restored from a backup which had a MACHINE.SID
> in it.
> 
> Now I've changed my domain SID and everything is funky.
> Logins work but permissions are all screwed up.
> 
> So I want to figure out what my SID was before the restore and 
> switch back.
> 
> I'm pretty sure that the Domain SID is stored in the user profiles but
> not as text.
> 
> I thought with Richard Sharpe's new reg editor I might be able to extract
> the SID.
> 
> Surprisingly - nothing in the archives about how to get a SID out of a
> profile.

If you look at www.richardsharpe.com you will find some info on this. 

Which version are you running? The SID is no longer in machine.sid, I 
believe, but in the secrets file, and in 2.2.x it is hard to change. In 
3.0 you can use net setlocalsid S-1-5-21-x-y-z

Oh, BTW, use the profiles command on any NTUSER.DAT and it will print out 
all the SIDs in that profile, from which you can figure out what your SID 
used to be. You can probably also figure it out using regedit32.
 
> I'm currently restoring secrets.tdb from tape and will try replacing my
> current secrets.tdb with the old one and run rpcclient's lsaquery to get
> the old sid... but that's going to take some time as the tape is not in
> the jukebox.
> 
> thanks!
> 
> brad
> 

-- 
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com
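
The SIDs in a profile are stored in binary rather than as text, as the thread notes. The sketch below is an added example, not part of the original message and not how Samba's profiles tool works: it decodes the binary SID layout and does a heuristic byte scan for account SIDs of the form S-1-5-21-x-y-z-RID, tallying the S-1-5-21-x-y-z prefix. The function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

# Binary SID layout: revision (1 byte), sub-authority count (1 byte),
# 48-bit identifier authority (big-endian), then `count` 32-bit
# sub-authorities (little-endian).

def parse_sid(buf, off):
    """Decode a binary SID at buf[off:]; return its string form or None."""
    if len(buf) - off < 8 or buf[off] != 1:
        return None
    count = buf[off + 1]
    if not 1 <= count <= 15 or len(buf) - off < 8 + 4 * count:
        return None
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-1-%d-%s" % (authority, "-".join(map(str, subs)))

def domain_sids(blob):
    """Heuristic scan for S-1-5-21-x-y-z-RID; tally the S-1-5-21-x-y-z part."""
    # revision 1, 5 sub-authorities, authority 5 (NT), first sub-authority 21
    needle = bytes([1, 5, 0, 0, 0, 0, 0, 5]) + struct.pack("<I", 21)
    tally = Counter()
    pos = blob.find(needle)
    while pos != -1:
        sid = parse_sid(blob, pos)
        if sid:
            tally[sid.rsplit("-", 1)[0]] += 1  # drop the trailing RID
        pos = blob.find(needle, pos + 1)
    return tally

def make_sid(authority, *subs):
    """Build a binary SID (used only to construct the sample below)."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

# Constructed sample standing in for bytes read from an NTUSER.DAT:
# two account SIDs from one made-up domain, a well-known SID, and filler.
SAMPLE = (b"regf\x00\x00" + make_sid(5, 21, 1111, 2222, 3333, 1001)
          + b"\xff" * 7 + make_sid(5, 32, 544)
          + b"nk" + make_sid(5, 21, 1111, 2222, 3333, 512) + b"\x00" * 4)

if __name__ == "__main__":
    for sid, hits in domain_sids(SAMPLE).most_common():
        print(hits, sid)
```

On a real profile the most frequent prefix is the candidate for the old domain SID; a byte scan can produce false matches, so treat the tally as a hint to confirm against the profiles output.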



