[PATCH] pdb_set_* ready

Stefan (metze) Metzmacher metze at metzemix.de
Tue Oct 22 00:14:14 GMT 2002


Hi Andrew,

here're the first steps of my pdb_set_* patch

this patch needs some testing, but it look good:
I have tested smbpasswd
I have tested pdbedit
I have tested usrmgr.exe

with pdb_ldap

every pdb_set function gets a uint8 flag (DEFAULT | SET | CHANGED)

then the backends can decide to only store changed values...

pdb_ldap now only updates changed values.



metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
-------------- next part --------------
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/auth/auth_unix.c HEAD-pdb/source/auth/auth_unix.c
--- HEAD/source/auth/auth_unix.c	Fri May 24 15:55:05 2002
+++ HEAD-pdb/source/auth/auth_unix.c	Tue Oct  8 16:07:07 2002
@@ -49,7 +49,7 @@ static BOOL update_smbpassword_file(cons
 	 * Remove the account disabled flag - we are updating the
 	 * users password from a login.
 	 */
-	if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) {
+	if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) {
 		pdb_free_sam(&sampass);
 		return False;
 	}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/auth/auth_util.c HEAD-pdb/source/auth/auth_util.c
--- HEAD/source/auth/auth_util.c	Wed Sep 25 12:13:36 2002
+++ HEAD-pdb/source/auth/auth_util.c	Tue Oct  8 16:07:07 2002
@@ -931,47 +931,47 @@ NTSTATUS make_server_info_info3(TALLOC_C
 		return nt_status;
 	}
 		
-	if (!pdb_set_user_sid(sam_account, &user_sid)) {
+	if (!pdb_set_user_sid(sam_account, &user_sid, PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	if (!pdb_set_group_sid(sam_account, &group_sid)) {
+	if (!pdb_set_group_sid(sam_account, &group_sid, PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 		
-	if (!pdb_set_nt_username(sam_account, nt_username)) {
+	if (!pdb_set_nt_username(sam_account, nt_username, PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_domain(sam_account, nt_domain)) {
+	if (!pdb_set_domain(sam_account, nt_domain, PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_fullname(sam_account, pdb_unistr2_convert(&(info3->uni_full_name)))) {
+	if (!pdb_set_fullname(sam_account, pdb_unistr2_convert(&(info3->uni_full_name)), PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_logon_script(sam_account, pdb_unistr2_convert(&(info3->uni_logon_script)), True)) {
+	if (!pdb_set_logon_script(sam_account, pdb_unistr2_convert(&(info3->uni_logon_script)), PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_profile_path(sam_account, pdb_unistr2_convert(&(info3->uni_profile_path)), True)) {
+	if (!pdb_set_profile_path(sam_account, pdb_unistr2_convert(&(info3->uni_profile_path)), PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_homedir(sam_account, pdb_unistr2_convert(&(info3->uni_home_dir)), True)) {
+	if (!pdb_set_homedir(sam_account, pdb_unistr2_convert(&(info3->uni_home_dir)), PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_dir_drive(sam_account, pdb_unistr2_convert(&(info3->uni_dir_drive)), True)) {
+	if (!pdb_set_dir_drive(sam_account, pdb_unistr2_convert(&(info3->uni_dir_drive)), PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/include/smb.h HEAD-pdb/source/include/smb.h
--- HEAD/source/include/smb.h	Tue Oct  8 15:53:11 2002
+++ HEAD-pdb/source/include/smb.h	Tue Oct  8 16:49:08 2002
@@ -572,22 +572,50 @@ typedef struct {
 #define FLAG_SAM_UNINIT		0x00000000
 #define FLAG_SAM_UID		0x00000001
 #define FLAG_SAM_GID		0x00000002
-#define FLAG_SAM_SMBHOME	0x00000004
-#define FLAG_SAM_PROFILE	0x00000008
-#define FLAG_SAM_DRIVE          0x00000010
-#define FLAG_SAM_LOGONSCRIPT	0x00000020
-#define FLAG_SAM_LOGONTIME	0x00000040
-#define FLAG_SAM_LOGOFFTIME	0x00000080
-#define FLAG_SAM_KICKOFFTIME	0x00000100
-#define FLAG_SAM_CANCHANGETIME	0x00000200
-#define FLAG_SAM_MUSTCHANGETIME	0x00000400
-#define FLAG_SAM_PLAINTEXT_PW   0x00000800
+#define FLAG_SAM_SMBHOME	0x00000003
+#define FLAG_SAM_PROFILE	0x00000004
+#define FLAG_SAM_DRIVE          0x00000005
+#define FLAG_SAM_LOGONSCRIPT	0x00000006
+#define FLAG_SAM_LOGONTIME	0x00000007
+#define FLAG_SAM_LOGOFFTIME	0x00000008
+#define FLAG_SAM_KICKOFFTIME	0x00000009
+#define FLAG_SAM_CANCHANGETIME	0x0000000A
+#define FLAG_SAM_MUSTCHANGETIME	0x0000000B
+#define FLAG_SAM_PLAINTEXT_PW   0x0000000C
+#define FLAG_SAM_USERNAME	0x0000000D
+#define FLAG_SAM_FULLNAME	0x0000000E
+#define FLAG_SAM_DOMAIN		0x0000000F
+#define FLAG_SAM_NTUSERNAME	0x00000010
+#define FLAG_SAM_HOURSLEN	0x00000011
+#define FLAG_SAM_LOGONDIVS	0x00000012
+#define FLAG_SAM_USERSID	0x00000013
+#define FLAG_SAM_GROUPSID	0x00000014
+#define FLAG_SAM_ACCTCTRL	0x00000015
+#define FLAG_SAM_PASSLASTSET	0x00000016
+#define FLAG_SAM_UNIXHOMEDIR	0x00000017
+#define FLAG_SAM_ACCTDESC	0x00000018
+#define FLAG_SAM_WORKSTATIONS	0x00000019
+#define FLAG_SAM_UNKNOWNSTR	0x0000001A
+#define FLAG_SAM_MUNGEDDIAL	0x0000001B
+#define FLAG_SAM_HOURS		0x0000001C
+#define FLAG_SAM_UNKNOWN3	0x0000001D
+#define FLAG_SAM_UNKNOWN5	0x0000001E
+#define FLAG_SAM_UNKNOWN6	0x0000001F
+#define FLAG_SAM_LMPASSWD	0x00000020
+#define FLAG_SAM_NTPASSWD	0x00000021
+
+/* if you add a flag increment FLAG_SAM_COUNT */
+#define FLAG_SAM_COUNT		0x00000022
+
+enum{PDB_DEFAULT=0,PDB_SET,PDB_CHANGED};
 
 #define IS_SAM_UNIX_USER(x) \
-	((pdb_get_init_flag(x) & FLAG_SAM_UID) \
-	 && (pdb_get_init_flag(x) & FLAG_SAM_GID))
+	(( pdb_get_init_flags(x, FLAG_SAM_UID) != PDB_DEFAULT ) \
+	 && ( pdb_get_init_flags(x,FLAG_SAM_GID) != PDB_DEFAULT ))
 
-#define IS_SAM_SET(x, flag)	((x)->private.init_flag & (flag))
+#define IS_SAM_SET(x, flag)	(pdb_get_init_flags(x, flag) == PDB_SET)
+#define IS_SAM_CHANGED(x, flag)	(pdb_get_init_flags(x, flag) == PDB_CHANGED)
+#define IS_SAM_DEFAULT(x, flag)	(pdb_get_init_flags(x, flag) == PDB_DEFAULT)
 		
 typedef struct sam_passwd
 {
@@ -599,8 +627,9 @@ typedef struct sam_passwd
 
 	struct user_data {
 		/* initiailization flags */
-		uint32 init_flag;
-		
+		struct bitmap *change_flags;
+		struct bitmap *set_flags;
+
 		time_t logon_time;            /* logon time */
 		time_t logoff_time;           /* logoff time */
 		time_t kickoff_time;          /* kickoff time */
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/lib/bitmap.c HEAD-pdb/source/lib/bitmap.c
--- HEAD/source/lib/bitmap.c	Wed Jan 30 07:08:16 2002
+++ HEAD-pdb/source/lib/bitmap.c	Tue Oct  8 16:07:07 2002
@@ -60,6 +60,30 @@ void bitmap_free(struct bitmap *bm)
 }
 
 /****************************************************************************
+talloc a bitmap
+****************************************************************************/
+struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n)
+{
+	struct bitmap *bm;
+
+	if (!mem_ctx) return NULL;
+
+	bm = (struct bitmap *)talloc(mem_ctx, sizeof(*bm));
+
+	if (!bm) return NULL;
+	
+	bm->n = n;
+	bm->b = (uint32 *)talloc(mem_ctx, sizeof(bm->b[0])*(n+31)/32);
+	if (!bm->b) {
+		return NULL;
+	}
+
+	memset(bm->b, 0, sizeof(bm->b[0])*(n+31)/32);
+
+	return bm;
+}
+
+/****************************************************************************
 set a bit in a bitmap
 ****************************************************************************/
 BOOL bitmap_set(struct bitmap *bm, unsigned i)
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/passdb.c HEAD-pdb/source/passdb/passdb.c
--- HEAD/source/passdb/passdb.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/passdb.c	Wed Oct  9 13:19:16 2002
@@ -45,7 +45,6 @@ static void pdb_fill_default_sam(SAM_ACC
         /* Don't change these timestamp settings without a good reason.
            They are important for NT member server compatibility. */
 
-	user->private.init_flag		    = FLAG_SAM_UNINIT;
 	user->private.uid = user->private.gid	    = -1;
 
 	user->private.logon_time            = (time_t)0;
@@ -177,15 +176,15 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sa
 
 	pdb_fill_default_sam(sam_account);
 
-	pdb_set_username(sam_account, pwd->pw_name);
-	pdb_set_fullname(sam_account, pwd->pw_gecos);
+	pdb_set_username(sam_account, pwd->pw_name, PDB_SET);
+	pdb_set_fullname(sam_account, pwd->pw_gecos, PDB_SET);
 
-	pdb_set_unix_homedir(sam_account, pwd->pw_dir);
+	pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET);
 
-	pdb_set_domain (sam_account, lp_workgroup());
+	pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT);
 
-	pdb_set_uid(sam_account, pwd->pw_uid);
-	pdb_set_gid(sam_account, pwd->pw_gid);
+	pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET);
+	pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET);
 	
 	/* When we get a proper uid -> SID and SID -> uid allocation
 	   mechinism, we should call it here.  
@@ -200,29 +199,29 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sa
 
 	/* Ensure this *must* be set right */
 	if (strcmp(pwd->pw_name, guest_account) == 0) {
-		if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST)) {
+		if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
 			return NT_STATUS_UNSUCCESSFUL;
 		}
-		if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS)) {
+		if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) {
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 	} else {
 
 		if (!pdb_set_user_sid_from_rid(sam_account, 
-					       fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
+					       fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
 			DEBUG(0,("Can't set User SID from RID!\n"));
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 		
 		/* call the mapping code here */
 		if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
-			if (!pdb_set_group_sid(sam_account,&map.sid)){
+			if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){
 				DEBUG(0,("Can't set Group SID!\n"));
 				return NT_STATUS_INVALID_PARAMETER;
 			}
 		} 
 		else {
-			if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
+			if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
 				DEBUG(0,("Can't set Group SID\n"));
 				return NT_STATUS_INVALID_PARAMETER;
 			}
@@ -237,34 +236,34 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sa
 							    lp_logon_path(), 
 							    pwd->pw_name, global_myname, 
 							    pwd->pw_uid, pwd->pw_gid), 
-				     False);
+				     PDB_DEFAULT);
 		
 		pdb_set_homedir(sam_account, 
 				talloc_sub_specified((sam_account)->mem_ctx, 
 						       lp_logon_home(),
 						       pwd->pw_name, global_myname, 
 						       pwd->pw_uid, pwd->pw_gid),
-				False);
+				PDB_DEFAULT);
 		
 		pdb_set_dir_drive(sam_account, 
 				  talloc_sub_specified((sam_account)->mem_ctx, 
 							 lp_logon_drive(),
 							 pwd->pw_name, global_myname, 
 							 pwd->pw_uid, pwd->pw_gid),
-				  False);
+				  PDB_DEFAULT);
 		
 		pdb_set_logon_script(sam_account, 
 				     talloc_sub_specified((sam_account)->mem_ctx, 
 							    lp_logon_script(),
 							    pwd->pw_name, global_myname, 
 							    pwd->pw_uid, pwd->pw_gid), 
-				     False);
-		if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL)) {
+				     PDB_DEFAULT);
+		if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT)) {
 			DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n", pwd->pw_name));
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 	} else {
-		if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST)) {
+		if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST, PDB_DEFAULT)) {
 			DEBUG(1, ("Failed to set 'trusted workstation account' flags for user %s.\n", pwd->pw_name));
 			return NT_STATUS_UNSUCCESSFUL;
 		}
@@ -842,7 +841,7 @@ BOOL local_sid_to_uid(uid_t *puid, const
 	
 	if (pdb_getsampwsid(sam_user, psid)) {
 		
-		if (!(pdb_get_init_flag(sam_user) & FLAG_SAM_UID)) { 
+		if (!IS_SAM_SET(sam_user,FLAG_SAM_UID)&&!IS_SAM_CHANGED(sam_user,FLAG_SAM_UID)) {
 			pdb_free_sam(&sam_user);
 			return False;
 		}
@@ -1037,7 +1036,7 @@ BOOL local_password_change(const char *u
 				return False;
 			}
 
-	        	if (!pdb_set_username(sam_pass, user_name)) {
+	        	if (!pdb_set_username(sam_pass, user_name, PDB_SET)) {
 	                	slprintf(err_str, err_str_len - 1, "Failed to set username for user %s.\n", user_name);
 	               	 	pdb_free_sam(&sam_pass);
 	               	 	return False;
@@ -1051,19 +1050,19 @@ BOOL local_password_change(const char *u
 	/* the 'other' acb bits not being changed here */
 	other_acb =  (pdb_get_acct_ctrl(sam_pass) & (!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
 	if (local_flags & LOCAL_TRUST_ACCOUNT) {
-		if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb) ) {
+		if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_SET) ) {
 			slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
 		}
 	} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
-		if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb)) {
+		if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_SET)) {
 			slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
 		}
 	} else {
-		if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb)) {
+		if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_SET)) {
 			slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
@@ -1076,13 +1075,13 @@ BOOL local_password_change(const char *u
 	 */
 
 	if (local_flags & LOCAL_DISABLE_USER) {
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED)) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_SET)) {
 			slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
 		}
 	} else if (local_flags & LOCAL_ENABLE_USER) {
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_SET)) {
 			slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
@@ -1090,7 +1089,7 @@ BOOL local_password_change(const char *u
 	}
 	
 	if (local_flags & LOCAL_SET_NO_PASSWORD) {
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ)) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_SET)) {
 			slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
@@ -1106,13 +1105,13 @@ BOOL local_password_change(const char *u
 		 * don't create them disabled). JRA.
 		 */
 		if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
-			if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+			if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_SET)) {
 				slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
 				pdb_free_sam(&sam_pass);
 				return False;
 			}
 		}
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ))) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_SET)) {
 			slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_compat.c HEAD-pdb/source/passdb/pdb_compat.c
--- HEAD/source/passdb/pdb_compat.c	Wed Jul  3 09:37:51 2002
+++ HEAD-pdb/source/passdb/pdb_compat.c	Tue Oct  8 16:07:07 2002
@@ -48,7 +48,7 @@ uint32 pdb_get_group_rid (const SAM_ACCO
 	return (0);
 }
 
-BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
+BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid, uint8 flag)
 {
 	DOM_SID u_sid;
 	const DOM_SID *global_sam_sid;
@@ -66,7 +66,7 @@ BOOL pdb_set_user_sid_from_rid (SAM_ACCO
 	if (!sid_append_rid(&u_sid, rid))
 		return False;
 
-	if (!pdb_set_user_sid(sampass, &u_sid))
+	if (!pdb_set_user_sid(sampass, &u_sid, flag))
 		return False;
 
 	DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n", 
@@ -75,7 +75,7 @@ BOOL pdb_set_user_sid_from_rid (SAM_ACCO
 	return True;
 }
 
-BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
+BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid, uint8 flag)
 {
 	DOM_SID g_sid;
 	const DOM_SID *global_sam_sid;
@@ -93,7 +93,7 @@ BOOL pdb_set_group_sid_from_rid (SAM_ACC
 	if (!sid_append_rid(&g_sid, grid))
 		return False;
 
-	if (!pdb_set_group_sid(sampass, &g_sid))
+	if (!pdb_set_group_sid(sampass, &g_sid, flag))
 		return False;
 
 	DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n", 
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_get_set.c HEAD-pdb/source/passdb/pdb_get_set.c
--- HEAD/source/passdb/pdb_get_set.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/pdb_get_set.c	Tue Oct  8 16:07:07 2002
@@ -37,7 +37,7 @@
 #define PDB_NOT_QUITE_NULL ""
 
 /*********************************************************************
- Collection of get...() functions for SAM_ACCOUNT_INFO.
+ Collection of get...() functions for SAM_ACCOUNT.
  ********************************************************************/
 
 uint16 pdb_get_acct_ctrl (const SAM_ACCOUNT *sampass)
@@ -178,12 +178,20 @@ const DOM_SID *pdb_get_group_sid(const S
  * @return the flags indicating the members initialised in the struct.
  **/
  
-uint32 pdb_get_init_flag (const SAM_ACCOUNT *sampass)
+uint8 pdb_get_init_flags (const SAM_ACCOUNT *sampass, uint32 flag)
 {
-        if (sampass)
-		return sampass->private.init_flag;
-	else 
-                return FLAG_SAM_UNINIT;
+	uint8 ret = PDB_DEFAULT;
+	
+        if (!sampass || !sampass->private.change_flags || !sampass->private.set_flags)
+        	return ret;
+        	
+        if (bitmap_query(sampass->private.set_flags, flag))
+        	ret = PDB_SET;
+        	
+        if (bitmap_query(sampass->private.change_flags, flag))
+        	ret = PDB_CHANGED;
+        	
+        return ret;
 }
 
 uid_t pdb_get_uid (const SAM_ACCOUNT *sampass)
@@ -306,7 +314,7 @@ const char* pdb_get_munged_dial (const S
 		return (NULL);
 }
 
-uint32 pdb_get_unknown3 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown_3 (const SAM_ACCOUNT *sampass)
 {
 	if (sampass)
 		return (sampass->private.unknown_3);
@@ -314,7 +322,7 @@ uint32 pdb_get_unknown3 (const SAM_ACCOU
 		return (-1);
 }
 
-uint32 pdb_get_unknown5 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown_5 (const SAM_ACCOUNT *sampass)
 {
 	if (sampass)
 		return (sampass->private.unknown_5);
@@ -322,7 +330,7 @@ uint32 pdb_get_unknown5 (const SAM_ACCOU
 		return (-1);
 }
 
-uint32 pdb_get_unknown6 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass)
 {
 	if (sampass)
 		return (sampass->private.unknown_6);
@@ -331,113 +339,97 @@ uint32 pdb_get_unknown6 (const SAM_ACCOU
 }
 
 /*********************************************************************
- Collection of set...() functions for SAM_ACCOUNT_INFO.
+ Collection of set...() functions for SAM_ACCOUNT.
  ********************************************************************/
 
-BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags)
+BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 acct_ctrl, uint8 flag)
 {
 	if (!sampass)
 		return False;
 		
-	if (sampass) {
-		sampass->private.acct_ctrl = flags;
-		return True;
-	}
-	
-	return False;
+	sampass->private.acct_ctrl = acct_ctrl;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_ACCTCTRL, flag);
 }
 
-BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.logon_time = mytime;
 
-	if (store)
-		pdb_set_init_flag(sampass, FLAG_SAM_LOGONTIME); 
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_LOGONTIME, flag);
 }
 
-BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.logoff_time = mytime;
 
-	if (store)
-		pdb_set_init_flag(sampass, FLAG_SAM_LOGOFFTIME); 
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_LOGOFFTIME, flag);
 }
 
-BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.kickoff_time = mytime;
 
-	if (store)
-		pdb_set_init_flag(sampass, FLAG_SAM_KICKOFFTIME); 
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_KICKOFFTIME, flag);
 }
 
-BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.pass_can_change_time = mytime;
 
-	if (store)
-		pdb_set_init_flag(sampass, FLAG_SAM_CANCHANGETIME); 
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_CANCHANGETIME, flag);
 }
 
-BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.pass_must_change_time = mytime;
 
-	if (store)
-		pdb_set_init_flag(sampass, FLAG_SAM_MUSTCHANGETIME); 
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_MUSTCHANGETIME, flag);
 }
 
-BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime)
+BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.pass_last_set_time = mytime;
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_PASSLASTSET, flag);
 }
 
-BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len)
+BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.hours_len = len;
-	return True;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_HOURSLEN, flag);
 }
 
-BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours)
+BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.logon_divs = hours;
-	return True;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_LOGONDIVS, flag);
 }
 
 /**
@@ -447,18 +439,67 @@ BOOL pdb_set_logon_divs (SAM_ACCOUNT *sa
  *             this flag is only added.  
  **/
  
-BOOL pdb_set_init_flag (SAM_ACCOUNT *sampass, uint32 flag)
+BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, uint32 flag, uint8 value_flag)
 {
-        if (!sampass)
+        if (!sampass || !sampass->mem_ctx)
                 return False;
 
-        sampass->private.init_flag |= flag;
+        if (!sampass->private.set_flags) {
+        	if ((sampass->private.set_flags = 
+        		bitmap_talloc(sampass->mem_ctx, 
+        				FLAG_SAM_COUNT))==NULL) {
+        		DEBUG(0,("bitmap_talloc failed\n"));
+        		return False;
+        	}
+        }
+        if (!sampass->private.change_flags) {
+        	if ((sampass->private.change_flags = 
+        		bitmap_talloc(sampass->mem_ctx, 
+        				FLAG_SAM_COUNT))==NULL) {
+        		DEBUG(0,("bitmap_talloc failed\n"));
+        		return False;
+        	}
+        }
+        
+        switch(value_flag) {
+        	case PDB_CHANGED:
+        		if (!bitmap_set(sampass->private.change_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in change_flags.\n",flag));
+				return False;
+			}
+        		if (!bitmap_set(sampass->private.set_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in set_falgs.\n",flag));
+				return False;
+			}
+        		break;
+        	case PDB_SET:
+        		if (!bitmap_clear(sampass->private.change_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in change_flags.\n",flag));
+				return False;
+			}
+        		if (!bitmap_set(sampass->private.set_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in set_falgs.\n",flag));
+				return False;
+			}
+        		break;
+        	case PDB_DEFAULT:
+        	default:
+        		if (!bitmap_clear(sampass->private.change_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in change_flags.\n",flag));
+				return False;
+			}
+        		if (!bitmap_clear(sampass->private.set_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in set_falgs.\n",flag));
+				return False;
+			}
+        		break;
+	}
 
         return True;
 }
 
-BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid)
-{
+BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid, uint8 flag)
+{	
 	if (!sampass)
 		return False;
 	
@@ -466,13 +507,11 @@ BOOL pdb_set_uid (SAM_ACCOUNT *sampass, 
 		   (int)uid, (int)sampass->private.uid));
  
 	sampass->private.uid = uid;
-	pdb_set_init_flag(sampass, FLAG_SAM_UID); 
-
-	return True;
-
+	
+	return pdb_set_init_flags(sampass, FLAG_SAM_UID, flag);
 }
 
-BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid)
+BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -481,13 +520,11 @@ BOOL pdb_set_gid (SAM_ACCOUNT *sampass, 
 		   (int)gid, (int)sampass->private.gid));
  
 	sampass->private.gid = gid; 
-	pdb_set_init_flag(sampass, FLAG_SAM_GID); 
-
-	return True;
 
+	return pdb_set_init_flags(sampass, FLAG_SAM_GID, flag);
 }
 
-BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid)
+BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, uint8 flag)
 {
 	if (!sampass || !u_sid)
 		return False;
@@ -496,13 +533,14 @@ BOOL pdb_set_user_sid (SAM_ACCOUNT *samp
 
 	DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n", 
 		    sid_string_static(&sampass->private.user_sid)));
-	
-	return True;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_USERSID, flag);
 }
 
-BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid)
+BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid, uint8 flag)
 {
 	DOM_SID new_sid;
+	
 	if (!sampass || !u_sid)
 		return False;
 
@@ -514,7 +552,7 @@ BOOL pdb_set_user_sid_from_string (SAM_A
 		return False;
 	}
 	 
-	if (!pdb_set_user_sid(sampass, &new_sid)) {
+	if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
 		DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", u_sid));
 		return False;
 	}
@@ -522,7 +560,7 @@ BOOL pdb_set_user_sid_from_string (SAM_A
 	return True;
 }
 
-BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid)
+BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid, uint8 flag)
 {
 	if (!sampass || !g_sid)
 		return False;
@@ -532,10 +570,10 @@ BOOL pdb_set_group_sid (SAM_ACCOUNT *sam
 	DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n", 
 		    sid_string_static(&sampass->private.group_sid)));
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_GROUPSID, flag);
 }
 
-BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid)
+BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid, uint8 flag)
 {
 	DOM_SID new_sid;
 	if (!sampass || !g_sid)
@@ -549,7 +587,7 @@ BOOL pdb_set_group_sid_from_string (SAM_
 		return False;
 	}
 	 
-	if (!pdb_set_group_sid(sampass, &new_sid)) {
+	if (!pdb_set_group_sid(sampass, &new_sid, flag)) {
 		DEBUG(1, ("pdb_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", g_sid));
 		return False;
 	}
@@ -560,8 +598,8 @@ BOOL pdb_set_group_sid_from_string (SAM_
  Set the user's UNIX name.
  ********************************************************************/
 
-BOOL pdb_set_username(SAM_ACCOUNT *sampass, const char *username)
-{	
+BOOL pdb_set_username(SAM_ACCOUNT *sampass, const char *username, uint8 flag)
+{
 	if (!sampass)
 		return False;
  
@@ -579,16 +617,16 @@ BOOL pdb_set_username(SAM_ACCOUNT *sampa
 	} else {
 		sampass->private.username = PDB_NOT_QUITE_NULL;
 	}
-
-	return True;
+	
+	return pdb_set_init_flags(sampass, FLAG_SAM_USERNAME, flag);
 }
 
 /*********************************************************************
  Set the domain name.
  ********************************************************************/
 
-BOOL pdb_set_domain(SAM_ACCOUNT *sampass, const char *domain)
-{	
+BOOL pdb_set_domain(SAM_ACCOUNT *sampass, const char *domain, uint8 flag)
+{
 	if (!sampass)
 		return False;
 
@@ -607,14 +645,14 @@ BOOL pdb_set_domain(SAM_ACCOUNT *sampass
 		sampass->private.domain = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_DOMAIN, flag);
 }
 
 /*********************************************************************
  Set the user's NT name.
  ********************************************************************/
 
-BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, const char *nt_username)
+BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, const char *nt_username, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -634,14 +672,14 @@ BOOL pdb_set_nt_username(SAM_ACCOUNT *sa
 		sampass->private.nt_username = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_NTUSERNAME, flag);
 }
 
 /*********************************************************************
  Set the user's full name.
  ********************************************************************/
 
-BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, const char *full_name)
+BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, const char *full_name, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -661,14 +699,14 @@ BOOL pdb_set_fullname(SAM_ACCOUNT *sampa
 		sampass->private.full_name = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_FULLNAME, flag);
 }
 
 /*********************************************************************
  Set the user's logon script.
  ********************************************************************/
 
-BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, BOOL store)
+BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -688,19 +726,14 @@ BOOL pdb_set_logon_script(SAM_ACCOUNT *s
 		sampass->private.logon_script = PDB_NOT_QUITE_NULL;
 	}
 	
-	if (store) {
-		DEBUG(10, ("pdb_set_logon_script: setting logon script sam flag!\n"));
-		pdb_set_init_flag(sampass, FLAG_SAM_LOGONSCRIPT);
-	}
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_LOGONSCRIPT, flag);
 }
 
 /*********************************************************************
  Set the user's profile path.
  ********************************************************************/
 
-BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, BOOL store)
+BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -720,19 +753,14 @@ BOOL pdb_set_profile_path (SAM_ACCOUNT *
 		sampass->private.profile_path = PDB_NOT_QUITE_NULL;
 	}
 
-	if (store) {
-		DEBUG(10, ("pdb_set_profile_path: setting profile path sam flag!\n"));
-		pdb_set_init_flag(sampass, FLAG_SAM_PROFILE);
-	}
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_PROFILE, flag);
 }
 
 /*********************************************************************
  Set the user's directory drive.
  ********************************************************************/
 
-BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, BOOL store)
+BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -752,19 +780,14 @@ BOOL pdb_set_dir_drive (SAM_ACCOUNT *sam
 		sampass->private.dir_drive = PDB_NOT_QUITE_NULL;
 	}
 	
-	if (store) {
-		DEBUG(10, ("pdb_set_dir_drive: setting dir drive sam flag!\n"));
-		pdb_set_init_flag(sampass, FLAG_SAM_DRIVE);
-	}
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_DRIVE, flag);
 }
 
 /*********************************************************************
  Set the user's home directory.
  ********************************************************************/
 
-BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, BOOL store)
+BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -784,19 +807,14 @@ BOOL pdb_set_homedir (SAM_ACCOUNT *sampa
 		sampass->private.home_dir = PDB_NOT_QUITE_NULL;
 	}
 
-	if (store) {
-		DEBUG(10, ("pdb_set_homedir: setting home dir sam flag!\n"));
-		pdb_set_init_flag(sampass, FLAG_SAM_SMBHOME);
-	}
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_SMBHOME, flag);
 }
 
 /*********************************************************************
  Set the user's unix home directory.
  ********************************************************************/
 
-BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir)
+BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -817,14 +835,14 @@ BOOL pdb_set_unix_homedir (SAM_ACCOUNT *
 		sampass->private.unix_home_dir = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_UNIXHOMEDIR, flag);
 }
 
 /*********************************************************************
  Set the user's account description.
  ********************************************************************/
 
-BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, const char *acct_desc)
+BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, const char *acct_desc, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -841,14 +859,14 @@ BOOL pdb_set_acct_desc (SAM_ACCOUNT *sam
 		sampass->private.acct_desc = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_ACCTDESC, flag);
 }
 
 /*********************************************************************
  Set the user's workstation allowed list.
  ********************************************************************/
 
-BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, const char *workstations)
+BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, const char *workstations, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -868,14 +886,14 @@ BOOL pdb_set_workstations (SAM_ACCOUNT *
 		sampass->private.workstations = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_WORKSTATIONS, flag);
 }
 
 /*********************************************************************
  Set the user's 'unknown_str', whatever the heck this actually is...
  ********************************************************************/
 
-BOOL pdb_set_unknown_str (SAM_ACCOUNT *sampass, const char *unknown_str)
+BOOL pdb_set_unknown_str (SAM_ACCOUNT *sampass, const char *unknown_str, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -892,14 +910,14 @@ BOOL pdb_set_unknown_str (SAM_ACCOUNT *s
 		sampass->private.unknown_str = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_UNKNOWNSTR, flag);
 }
 
 /*********************************************************************
  Set the user's dial string.
  ********************************************************************/
 
-BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, const char *munged_dial)
+BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, const char *munged_dial, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -916,14 +934,14 @@ BOOL pdb_set_munged_dial (SAM_ACCOUNT *s
 		sampass->private.munged_dial = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_MUNGEDDIAL, flag);
 }
 
 /*********************************************************************
  Set the user's NT hash.
  ********************************************************************/
 
-BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd)
+BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[NT_HASH_LEN], uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -932,14 +950,14 @@ BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sam
 	
 	sampass->private.nt_pw = data_blob(pwd, NT_HASH_LEN);
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_NTPASSWD, flag);
 }
 
 /*********************************************************************
  Set the user's LM hash.
  ********************************************************************/
 
-BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[16])
+BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[LM_HASH_LEN], uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -948,7 +966,7 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT 
 	
 	sampass->private.lm_pw = data_blob(pwd, LM_HASH_LEN);
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_LMPASSWD, flag);
 }
 
 /*********************************************************************
@@ -956,7 +974,7 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT 
  below)
  ********************************************************************/
 
-BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password)
+BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -976,37 +994,40 @@ BOOL pdb_set_plaintext_pw_only (SAM_ACCO
 		sampass->private.plaintext_pw = NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_PLAINTEXT_PW, flag);
 }
 
-BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn)
+BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.unknown_3 = unkn;
-	return True;
+	
+	return pdb_set_init_flags(sampass, FLAG_SAM_UNKNOWN3, flag);
 }
 
-BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn)
+BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.unknown_5 = unkn;
-	return True;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_UNKNOWN5, flag);
 }
 
-BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn)
+BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.unknown_6 = unkn;
-	return True;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_UNKNOWN6, flag);
 }
 
-BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours)
+BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -1018,7 +1039,7 @@ BOOL pdb_set_hours (SAM_ACCOUNT *sampass
 	
 	memcpy (sampass->private.hours, hours, MAX_HOURS_LEN);
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_HOURS, flag);
 }
 
 
@@ -1036,17 +1057,17 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOU
 	if (!sampass)
 		return False;
 	
-	if (!pdb_set_pass_last_set_time (sampass, time(NULL)))
+	if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
 		return False;
 
 	if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) 
 	    || (expire==(uint32)-1)) {
-		if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), False))
+		if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
 			return False;
 	} else {
 		if (!pdb_set_pass_must_change_time (sampass, 
 						    pdb_get_pass_last_set_time(sampass)
-						    + expire, True))
+						    + expire, PDB_CHANGED))
 			return False;
 	}
 	
@@ -1068,13 +1089,13 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOU
 	
 	nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
 
-	if (!pdb_set_nt_passwd (sampass, new_nt_p16)) 
+	if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED)) 
 		return False;
 
-	if (!pdb_set_lanman_passwd (sampass, new_lanman_p16)) 
+	if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED)) 
 		return False;
 
-	if (!pdb_set_plaintext_pw_only (sampass, plaintext)) 
+	if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED)) 
 		return False;
 
 	if (!pdb_set_pass_changed_now (sampass))
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_ldap.c HEAD-pdb/source/passdb/pdb_ldap.c
--- HEAD/source/passdb/pdb_ldap.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/pdb_ldap.c	Wed Oct  9 09:52:42 2002
@@ -683,13 +683,13 @@ static BOOL init_sam_from_ldap (struct l
 	get_single_attribute(ldap_struct, entry, "rid", temp);
 	user_rid = (uint32)atol(temp);
 
-	pdb_set_user_sid_from_rid(sampass, user_rid);
+	pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
 
 	if (!get_single_attribute(ldap_struct, entry, "primaryGroupID", temp)) {
 		group_rid = 0;
 	} else {
 		group_rid = (uint32)atol(temp);
-		pdb_set_group_sid_from_rid(sampass, group_rid);
+		pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
 	}
 
 	if ((ldap_state->permit_non_unix_accounts) 
@@ -710,21 +710,21 @@ static BOOL init_sam_from_ldap (struct l
 		uid = pw->pw_uid;
 		gid = pw->pw_gid;
 
-		pdb_set_unix_homedir(sampass, pw->pw_dir);
+		pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
 
 		passwd_free(&pw);
 
-		pdb_set_uid(sampass, uid);
-		pdb_set_gid(sampass, gid);
+		pdb_set_uid(sampass, uid, PDB_SET);
+		pdb_set_gid(sampass, gid, PDB_SET);
 
 		if (group_rid == 0) {
 			GROUP_MAP map;
 			/* call the mapping code here */
 			if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
-				pdb_set_group_sid(sampass, &map.sid);
+				pdb_set_group_sid(sampass, &map.sid, PDB_SET);
 			} 
 			else {
-				pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid));
+				pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
 			}
 		}
 	}
@@ -733,42 +733,42 @@ static BOOL init_sam_from_ldap (struct l
 		/* leave as default */
 	} else {
 		pass_last_set_time = (time_t) atol(temp);
-		pdb_set_pass_last_set_time(sampass, pass_last_set_time);
+		pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "logonTime", temp)) {
 		/* leave as default */
 	} else {
 		logon_time = (time_t) atol(temp);
-		pdb_set_logon_time(sampass, logon_time, True);
+		pdb_set_logon_time(sampass, logon_time, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "logoffTime", temp)) {
 		/* leave as default */
 	} else {
 		logoff_time = (time_t) atol(temp);
-		pdb_set_logoff_time(sampass, logoff_time, True);
+		pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "kickoffTime", temp)) {
 		/* leave as default */
 	} else {
 		kickoff_time = (time_t) atol(temp);
-		pdb_set_kickoff_time(sampass, kickoff_time, True);
+		pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "pwdCanChange", temp)) {
 		/* leave as default */
 	} else {
 		pass_can_change_time = (time_t) atol(temp);
-		pdb_set_pass_can_change_time(sampass, pass_can_change_time, True);
+		pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "pwdMustChange", temp)) {
 		/* leave as default */
 	} else {
 		pass_must_change_time = (time_t) atol(temp);
-		pdb_set_pass_must_change_time(sampass, pass_must_change_time, True);
+		pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
 	}
 
 	/* recommend that 'gecos' and 'displayName' should refer to the same
@@ -781,10 +781,10 @@ static BOOL init_sam_from_ldap (struct l
 		if (!get_single_attribute(ldap_struct, entry, "displayName", fullname)) {
 			/* leave as default */
 		} else {
-			pdb_set_fullname(sampass, fullname);
+			pdb_set_fullname(sampass, fullname, PDB_SET);
 		}
 	} else {
-		pdb_set_fullname(sampass, fullname);
+		pdb_set_fullname(sampass, fullname, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) {
@@ -792,9 +792,9 @@ static BOOL init_sam_from_ldap (struct l
 								  lp_logon_drive(),
 								  username, domain, 
 								  uid, gid),
-				  False);
+				  PDB_DEFAULT);
 	} else {
-		pdb_set_dir_drive(sampass, dir_drive, True);
+		pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) {
@@ -802,9 +802,9 @@ static BOOL init_sam_from_ldap (struct l
 								  lp_logon_home(),
 								  username, domain, 
 								  uid, gid), 
-				  False);
+				  PDB_DEFAULT);
 	} else {
-		pdb_set_homedir(sampass, homedir, True);
+		pdb_set_homedir(sampass, homedir, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "scriptPath", logon_script)) {
@@ -812,9 +812,9 @@ static BOOL init_sam_from_ldap (struct l
 								     lp_logon_script(),
 								     username, domain, 
 								     uid, gid), 
-				     False);
+				     PDB_DEFAULT);
 	} else {
-		pdb_set_logon_script(sampass, logon_script, True);
+		pdb_set_logon_script(sampass, logon_script, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "profilePath", profile_path)) {
@@ -822,21 +822,21 @@ static BOOL init_sam_from_ldap (struct l
 								     lp_logon_path(),
 								     username, domain, 
 								     uid, gid), 
-				     False);
+				     PDB_DEFAULT);
 	} else {
-		pdb_set_profile_path(sampass, profile_path, True);
+		pdb_set_profile_path(sampass, profile_path, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "description", acct_desc)) {
 		/* leave as default */
 	} else {
-		pdb_set_acct_desc(sampass, acct_desc);
+		pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "userWorkstations", workstations)) {
 		/* leave as default */;
 	} else {
-		pdb_set_workstations(sampass, workstations);
+		pdb_set_workstations(sampass, workstations, PDB_SET);
 	}
 
 	/* FIXME: hours stuff should be cleaner */
@@ -850,7 +850,7 @@ static BOOL init_sam_from_ldap (struct l
 	} else {
 		pdb_gethexpwd(temp, smblmpwd);
 		memset((char *)temp, '\0', strlen(temp)+1);
-		if (!pdb_set_lanman_passwd(sampass, smblmpwd))
+		if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET))
 			return False;
 		ZERO_STRUCT(smblmpwd);
 	}
@@ -860,7 +860,7 @@ static BOOL init_sam_from_ldap (struct l
 	} else {
 		pdb_gethexpwd(temp, smbntpwd);
 		memset((char *)temp, '\0', strlen(temp)+1);
-		if (!pdb_set_nt_passwd(sampass, smbntpwd))
+		if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET))
 			return False;
 		ZERO_STRUCT(smbntpwd);
 	}
@@ -873,24 +873,24 @@ static BOOL init_sam_from_ldap (struct l
 		if (acct_ctrl == 0)
 			acct_ctrl |= ACB_NORMAL;
 
-		pdb_set_acct_ctrl(sampass, acct_ctrl);
+		pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
 	}
 
-	pdb_set_hours_len(sampass, hours_len);
-	pdb_set_logon_divs(sampass, logon_divs);
+	pdb_set_hours_len(sampass, hours_len, PDB_SET);
+	pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
 
-	pdb_set_username(sampass, username);
+	pdb_set_username(sampass, username, PDB_SET);
 
-	pdb_set_domain(sampass, domain);
-	pdb_set_nt_username(sampass, nt_username);
+	pdb_set_domain(sampass, domain, PDB_DEFAULT);
+	pdb_set_nt_username(sampass, nt_username, PDB_SET);
 
-	pdb_set_munged_dial(sampass, munged_dial);
+	pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
 	
-	/* pdb_set_unknown_3(sampass, unknown3); */
-	/* pdb_set_unknown_5(sampass, unknown5); */
-	/* pdb_set_unknown_6(sampass, unknown6); */
+	/* pdb_set_unknown_3(sampass, unknown3, PDB_SET); */
+	/* pdb_set_unknown_5(sampass, unknown5, PDB_SET); */
+	/* pdb_set_unknown_6(sampass, unknown6, PDB_SET); */
 
-	pdb_set_hours(sampass, hours);
+	pdb_set_hours(sampass, hours, PDB_SET);
 
 	return True;
 }
@@ -917,91 +917,110 @@ static BOOL init_ldap_from_sam (struct l
 	 * took out adding "objectclass: sambaAccount"
 	 * do this on a per-mod basis
 	 */
-
-	make_a_mod(mods, ldap_op, "uid", pdb_get_username(sampass));
-	DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
-
-	if ( pdb_get_user_rid(sampass) ) {
-		rid = pdb_get_user_rid(sampass);
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_USERNAME)) {
+		make_a_mod(mods, ldap_op, "uid", pdb_get_username(sampass));
+		DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
+	}
+	
+	if ((rid = pdb_get_user_rid(sampass))!=0 ) {
+		if (IS_SAM_CHANGED(sampass, FLAG_SAM_USERSID)) {		
+			slprintf(temp, sizeof(temp) - 1, "%i", rid);
+			make_a_mod(mods, ldap_op, "rid", temp);
+		}
 	} else if (IS_SAM_SET(sampass, FLAG_SAM_UID)) {
 		rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(sampass));
+		slprintf(temp, sizeof(temp) - 1, "%i", rid);
+		make_a_mod(mods, ldap_op, "rid", temp);
 	} else if (ldap_state->permit_non_unix_accounts) {
 		rid = ldapsam_get_next_available_nua_rid(ldap_state);
 		if (rid == 0) {
 			DEBUG(0, ("NO user RID specified on account %s, and findining next available NUA RID failed, cannot store!\n", pdb_get_username(sampass)));
 			return False;
 		}
+		slprintf(temp, sizeof(temp) - 1, "%i", rid);
+		make_a_mod(mods, ldap_op, "rid", temp);
 	} else {
 		DEBUG(0, ("NO user RID specified on account %s, cannot store!\n", pdb_get_username(sampass)));
 		return False;
 	}
 
-	slprintf(temp, sizeof(temp) - 1, "%i", rid);
-	make_a_mod(mods, ldap_op, "rid", temp);
 
-	if ( pdb_get_group_rid(sampass) ) {
-		rid = pdb_get_group_rid(sampass);
+
+	if ((rid = pdb_get_group_rid(sampass))!=0 ) {
+		if (IS_SAM_CHANGED(sampass, FLAG_SAM_GROUPSID)) {		
+			slprintf(temp, sizeof(temp) - 1, "%i", rid);
+			make_a_mod(mods, ldap_op, "primaryGroupID", temp);
+		}
 	} else if (IS_SAM_SET(sampass, FLAG_SAM_GID)) {
 		rid = pdb_gid_to_group_rid(pdb_get_gid(sampass));
+		slprintf(temp, sizeof(temp) - 1, "%i", rid);
+		make_a_mod(mods, ldap_op, "primaryGroupID", temp);
 	} else if (ldap_state->permit_non_unix_accounts) {
 		rid = DOMAIN_GROUP_RID_USERS;
+		slprintf(temp, sizeof(temp) - 1, "%i", rid);
+		make_a_mod(mods, ldap_op, "primaryGroupID", temp);
 	} else {
 		DEBUG(0, ("NO group RID specified on account %s, cannot store!\n", pdb_get_username(sampass)));
 		return False;
 	}
 
-	slprintf(temp, sizeof(temp) - 1, "%i", rid);
-	make_a_mod(mods, ldap_op, "primaryGroupID", temp);
 
 	/* displayName, cn, and gecos should all be the same
 	 *  most easily accomplished by giving them the same OID
 	 *  gecos isn't set here b/c it should be handled by the 
 	 *  add-user script
 	 */
-
-	make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
-	make_a_mod(mods, ldap_op, "cn", pdb_get_fullname(sampass));
-	make_a_mod(mods, ldap_op, "description", pdb_get_acct_desc(sampass));
-	make_a_mod(mods, ldap_op, "userWorkstations", pdb_get_workstations(sampass));
-
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_FULLNAME)) {
+		make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
+		make_a_mod(mods, ldap_op, "cn", pdb_get_fullname(sampass));
+	}
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_ACCTDESC)) {	
+		make_a_mod(mods, ldap_op, "description", pdb_get_acct_desc(sampass));
+	}
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_WORKSTATIONS)) {	
+		make_a_mod(mods, ldap_op, "userWorkstations", pdb_get_workstations(sampass));
+	}
 	/*
 	 * Only updates fields which have been set (not defaults from smb.conf)
 	 */
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_SMBHOME))
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_SMBHOME)) {
 		make_a_mod(mods, ldap_op, "smbHome", pdb_get_homedir(sampass));
-		
-	if (IS_SAM_SET(sampass, FLAG_SAM_DRIVE))
+	}
+			
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_DRIVE)) {
 		make_a_mod(mods, ldap_op, "homeDrive", pdb_get_dir_drive(sampass));
+	}
 	
-	if (IS_SAM_SET(sampass, FLAG_SAM_LOGONSCRIPT))
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_LOGONSCRIPT)) {
 		make_a_mod(mods, ldap_op, "scriptPath", pdb_get_logon_script(sampass));
-
-	if (IS_SAM_SET(sampass, FLAG_SAM_PROFILE))
+	}
+	
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_PROFILE))
 		make_a_mod(mods, ldap_op, "profilePath", pdb_get_profile_path(sampass));
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_LOGONTIME)) {
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_LOGONTIME)) {
 		slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logon_time(sampass));
 		make_a_mod(mods, ldap_op, "logonTime", temp);
 	}
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_LOGOFFTIME)) {
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_LOGOFFTIME)) {
 		slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logoff_time(sampass));
 		make_a_mod(mods, ldap_op, "logoffTime", temp);
 	}
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_KICKOFFTIME)) {
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_KICKOFFTIME)) {
 		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_kickoff_time(sampass));
 		make_a_mod(mods, ldap_op, "kickoffTime", temp);
 	}
 
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_CANCHANGETIME)) {
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_CANCHANGETIME)) {
 		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass));
 		make_a_mod(mods, ldap_op, "pwdCanChange", temp);
 	}
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_MUSTCHANGETIME)) {
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_MUSTCHANGETIME)) {
 		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_must_change_time(sampass));
 		make_a_mod(mods, ldap_op, "pwdMustChange", temp);
 	}
@@ -1009,22 +1028,28 @@ static BOOL init_ldap_from_sam (struct l
 	if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))||
 		(lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) {
 
-		pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
-		make_a_mod (mods, ldap_op, "lmPassword", temp);
-	
-		pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
-		make_a_mod (mods, ldap_op, "ntPassword", temp);
-	
-		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
-		make_a_mod(mods, ldap_op, "pwdLastSet", temp);
-
+		if (IS_SAM_CHANGED(sampass, FLAG_SAM_LMPASSWD)) {
+			pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
+			make_a_mod (mods, ldap_op, "lmPassword", temp);
+		}
+		
+		if (IS_SAM_CHANGED(sampass, FLAG_SAM_NTPASSWD)) {
+			pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
+			make_a_mod (mods, ldap_op, "ntPassword", temp);
+		}
+		
+		if (IS_SAM_CHANGED(sampass, FLAG_SAM_PASSLASTSET)) {
+			slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
+			make_a_mod(mods, ldap_op, "pwdLastSet", temp);
+		}
 	}
 
 	/* FIXME: Hours stuff goes in LDAP  */
-
-	make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
-		NEW_PW_FORMAT_SPACE_PADDED_LEN));
-
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_ACCTCTRL)) {
+		make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
+			NEW_PW_FORMAT_SPACE_PADDED_LEN));
+	}
+	
 	return True;
 }
 
@@ -1377,9 +1402,14 @@ static NTSTATUS ldapsam_modify_entry(LDA
 	int version;
 	int rc;
 	
-	switch(ldap_op)
-	{
-		case LDAP_MOD_ADD: 
+	if (!ldap_struct || !newpwd || !dn) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	
+	if (mods != NULL) {
+		switch(ldap_op)
+		{
+			case LDAP_MOD_ADD: 
 				make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "account");
 				if((rc = ldap_add_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) {
 					char *ld_error;
@@ -1393,7 +1423,7 @@ static NTSTATUS ldapsam_modify_entry(LDA
 					return ret;
 				}  
 				break;
-		case LDAP_MOD_REPLACE: 	
+			case LDAP_MOD_REPLACE: 	
 				if((rc = ldap_modify_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) {
 					char *ld_error;
 					ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
@@ -1406,14 +1436,18 @@ static NTSTATUS ldapsam_modify_entry(LDA
 					return ret;
 				}  
 				break;
-		default: 	
+			default: 	
 				DEBUG(0,("Wrong LDAP operation type: %d!\n",ldap_op));
 				return ret;
+		}
+	} else {
+		DEBUG(5,("mods is empty: nothing to modify\n"));
 	}
 	
 #ifdef LDAP_EXOP_X_MODIFY_PASSWD
 	if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))&&
 		(lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_OFF)&&
+		IS_SAM_CHANGED(newpwd, FLAG_SAM_PLAINTEXT_PW)&&
 		(pdb_get_plaintext_passwd(newpwd)!=NULL)) {
 		BerElement *ber;
 		struct berval *bv;
@@ -1537,6 +1571,18 @@ static NTSTATUS ldapsam_update_sam_accou
 	LDAPMessage *entry;
 	LDAPMod **mods;
 
+	if (!init_ldap_from_sam(ldap_state, &mods, LDAP_MOD_REPLACE, newpwd)) {
+		DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
+		ldap_msgfree(result);
+		ldap_unbind(ldap_struct);
+		return ret;
+	}
+	
+	if (mods == NULL) {
+		DEBUG(4,("mods is empty: nothing to update for user: %s\n",pdb_get_username(newpwd)));
+		return NT_STATUS_OK;
+	}
+	
 	if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */
 		return ret;
 
@@ -1555,13 +1601,6 @@ static NTSTATUS ldapsam_update_sam_accou
 		return ret;
 	}
 
-	if (!init_ldap_from_sam(ldap_state, &mods, LDAP_MOD_REPLACE, newpwd)) {
-		DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
-		ldap_msgfree(result);
-		ldap_unbind(ldap_struct);
-		return ret;
-	}
-
 	entry = ldap_first_entry(ldap_struct, result);
 	dn = ldap_get_dn(ldap_struct, entry);
         ldap_msgfree(result);
@@ -1663,6 +1702,12 @@ static NTSTATUS ldapsam_add_sam_account(
 		ldap_unbind(ldap_struct);
 		return ret;		
 	}
+	
+	if (mods == NULL) {
+		DEBUG(0,("mods is empty: nothing to add for user: %s\n",pdb_get_username(newpwd)));
+		return ret;
+	}	
+	
 	make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount");
 
 	if (NT_STATUS_IS_ERR(ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,ldap_op))) {
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_nisplus.c HEAD-pdb/source/passdb/pdb_nisplus.c
--- HEAD/source/passdb/pdb_nisplus.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/pdb_nisplus.c	Tue Oct  8 16:07:07 2002
@@ -745,7 +745,7 @@ static BOOL make_sam_from_nisp_object (S
 	/* Don't change these timestamp settings without a good reason.  They are
 	   important for NT member server compatibility. */
 
-	pdb_set_logon_time (pw_buf, (time_t) 0, True);
+	pdb_set_logon_time (pw_buf, (time_t) 0, PDB_DEFAULT);
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_LOGON_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "LNT-", 4) == 0)) {
 		int i;
@@ -758,11 +758,11 @@ static BOOL make_sam_from_nisp_object (S
 		if (i == 8) {
 			pdb_set_logon_time (pw_buf,
 					    (time_t) strtol (ptr, NULL, 16),
-					    True);
+					    PDB_SET);
 		}
 	}
 
-	pdb_set_logoff_time (pw_buf, get_time_t_max (), True);
+	pdb_set_logoff_time (pw_buf, get_time_t_max (), PDB_DEFAULT);
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_LOGOFF_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "LOT-", 4) == 0)) {
 		int i;
@@ -775,11 +775,11 @@ static BOOL make_sam_from_nisp_object (S
 		if (i == 8) {
 			pdb_set_logoff_time (pw_buf,
 					     (time_t) strtol (ptr, NULL, 16),
-					     True);
+					     PDB_SET);
 		}
 	}
 
-	pdb_set_kickoff_time (pw_buf, get_time_t_max (), True);
+	pdb_set_kickoff_time (pw_buf, get_time_t_max (), PDB_DEFAULT);
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_KICK_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "KOT-", 4) == 0)) {
 		int i;
@@ -792,11 +792,11 @@ static BOOL make_sam_from_nisp_object (S
 		if (i == 8) {
 			pdb_set_kickoff_time (pw_buf,
 					      (time_t) strtol (ptr, NULL, 16),
-					      True);
+					      PDB_SET);
 		}
 	}
 
-	pdb_set_pass_last_set_time (pw_buf, (time_t) 0);
+	pdb_set_pass_last_set_time (pw_buf, (time_t) 0, PDB_DEFAULT);
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDLSET_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "LCT-", 4) == 0)) {
 		int i;
@@ -810,11 +810,12 @@ static BOOL make_sam_from_nisp_object (S
 			pdb_set_pass_last_set_time (pw_buf,
 						    (time_t) strtol (ptr,
 								     NULL,
-								     16));
+								     16),
+						     PDB_SET);
 		}
 	}
 
-	pdb_set_pass_can_change_time (pw_buf, (time_t) 0, True);
+	pdb_set_pass_can_change_time (pw_buf, (time_t) 0, PDB_DEFAULT);
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDCCHG_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "CCT-", 4) == 0)) {
 		int i;
@@ -829,11 +830,11 @@ static BOOL make_sam_from_nisp_object (S
 						      (time_t) strtol (ptr,
 								       NULL,
 								       16),
-						      True);
+						      PDB_SET);
 		}
 	}
 
-	pdb_set_pass_must_change_time (pw_buf, get_time_t_max (), True);	/* Password never expires. */
+	pdb_set_pass_must_change_time (pw_buf, get_time_t_max (), PDB_DEFAULT);	/* Password never expires. */
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDMCHG_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "MCT-", 4) == 0)) {
 		int i;
@@ -848,13 +849,13 @@ static BOOL make_sam_from_nisp_object (S
 						       (time_t) strtol (ptr,
 									NULL,
 									16),
-						       True);
+						       PDB_SET);
 		}
 	}
 
 	/* string values */
-	pdb_set_username (pw_buf, ENTRY_VAL (obj, NPF_NAME));
-	pdb_set_domain (pw_buf, lp_workgroup ());
+	pdb_set_username (pw_buf, ENTRY_VAL (obj, NPF_NAME), PDB_SET);
+	pdb_set_domain (pw_buf, lp_workgroup (), PDB_DEFAULT);
 	/* pdb_set_nt_username() -- cant set it here... */
 
 	get_single_attribute (obj, NPF_FULL_NAME, full_name,
@@ -862,27 +863,27 @@ static BOOL make_sam_from_nisp_object (S
 #if 0
 	unix_to_dos (full_name, True);
 #endif
-	pdb_set_fullname (pw_buf, full_name);
+	pdb_set_fullname (pw_buf, full_name, PDB_SET);
 
 	pdb_set_acct_ctrl (pw_buf, pdb_decode_acct_ctrl (ENTRY_VAL (obj,
-								    NPF_ACB)));
+								    NPF_ACB), PDB_SET));
 
 	get_single_attribute (obj, NPF_ACCT_DESC, acct_desc,
 			      sizeof (pstring));
 #if 0
 	unix_to_dos (acct_desc, True);
 #endif
-	pdb_set_acct_desc (pw_buf, acct_desc);
+	pdb_set_acct_desc (pw_buf, acct_desc, PDB_SET);
 
-	pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS));
-	pdb_set_munged_dial (pw_buf, NULL);
+	pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS), PDB_SET);
+	pdb_set_munged_dial (pw_buf, NULL, PDB_DEFAULT);
 
-	pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)));
-	pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)));
+	pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)), PDB_SET);
+	pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)), PDB_SET);
 	pdb_set_user_sid_from_rid (pw_buf,
-				   atoi (ENTRY_VAL (obj, NPF_USER_RID)));
+				   atoi (ENTRY_VAL (obj, NPF_USER_RID)), PDB_SET);
 	pdb_set_group_sid_from_rid (pw_buf,
-				    atoi (ENTRY_VAL (obj, NPF_GROUP_RID)));
+				    atoi (ENTRY_VAL (obj, NPF_GROUP_RID)), PDB_SET);
 
 	/* values, must exist for user */
 	if (!(pdb_get_acct_ctrl (pw_buf) & ACB_WSTRUST)) {
@@ -891,59 +892,60 @@ static BOOL make_sam_from_nisp_object (S
 				      sizeof (pstring));
 		if (!(home_dir && *home_dir)) {
 			pstrcpy (home_dir, lp_logon_home ());
-			pdb_set_homedir (pw_buf, home_dir, False);
+			pdb_set_homedir (pw_buf, home_dir, PDB_DEFAULT);
 		} else
-			pdb_set_homedir (pw_buf, home_dir, True);
+			pdb_set_homedir (pw_buf, home_dir, PDB_SET);
 
 		get_single_attribute (obj, NPF_DIR_DRIVE, home_drive,
 				      sizeof (pstring));
 		if (!(home_drive && *home_drive)) {
 			pstrcpy (home_drive, lp_logon_drive ());
-			pdb_set_dir_drive (pw_buf, home_drive, False);
+			pdb_set_dir_drive (pw_buf, home_drive, PDB_DEFAULT);
 		} else
-			pdb_set_dir_drive (pw_buf, home_drive, True);
+			pdb_set_dir_drive (pw_buf, home_drive, PDB_SET);
 
 		get_single_attribute (obj, NPF_LOGON_SCRIPT, logon_script,
 				      sizeof (pstring));
 		if (!(logon_script && *logon_script)) {
 			pstrcpy (logon_script, lp_logon_script ());
+			pdb_set_logon_script (pw_buf, logon_script, PDB_DEFAULT);
 		} else
-			pdb_set_logon_script (pw_buf, logon_script, True);
+			pdb_set_logon_script (pw_buf, logon_script, PDB_SET);
 
 		get_single_attribute (obj, NPF_PROFILE_PATH, profile_path,
 				      sizeof (pstring));
 		if (!(profile_path && *profile_path)) {
 			pstrcpy (profile_path, lp_logon_path ());
-			pdb_set_profile_path (pw_buf, profile_path, False);
+			pdb_set_profile_path (pw_buf, profile_path, PDB_DEFAULT);
 		} else
-			pdb_set_profile_path (pw_buf, profile_path, True);
+			pdb_set_profile_path (pw_buf, profile_path, PDB_SET);
 
 	} else {
 		/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
-		pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
+		pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
 	}
 
 	/* Check the lanman password column. */
 	ptr = (char *) ENTRY_VAL (obj, NPF_LMPWD);
-	if (!pdb_set_lanman_passwd (pw_buf, NULL))
+	if (!pdb_set_lanman_passwd (pw_buf, NULL, PDB_DEFAULT))
 		return False;
 
 	if (!strncasecmp (ptr, "NO PASSWORD", 11)) {
 		pdb_set_acct_ctrl (pw_buf,
-				   pdb_get_acct_ctrl (pw_buf) | ACB_PWNOTREQ);
+				   pdb_get_acct_ctrl (pw_buf) | ACB_PWNOTREQ, PDB_SET);
 	} else {
 		if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbpwd)) {
 			DEBUG (0, ("malformed LM pwd entry: %s.\n",
 				   pdb_get_username (pw_buf)));
 			return False;
 		}
-		if (!pdb_set_lanman_passwd (pw_buf, smbpwd))
+		if (!pdb_set_lanman_passwd (pw_buf, smbpwd, PDB_SET))
 			return False;
 	}
 
 	/* Check the NT password column. */
 	ptr = ENTRY_VAL (obj, NPF_NTPWD);
-	if (!pdb_set_nt_passwd (pw_buf, NULL))
+	if (!pdb_set_nt_passwd (pw_buf, NULL, PDB_DEFAULT))
 		return False;
 
 	if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) &&
@@ -953,12 +955,12 @@ static BOOL make_sam_from_nisp_object (S
  uid = %d.\n", pdb_get_uid (pw_buf)));
 			return False;
 		}
-		if (!pdb_set_nt_passwd (pw_buf, smbntpwd))
+		if (!pdb_set_nt_passwd (pw_buf, smbntpwd, PDB_SET))
 			return False;
 	}
 
-	pdb_set_unknown_3 (pw_buf, 0xffffff);	/* don't know */
-	pdb_set_logon_divs (pw_buf, 168);	/* hours per week */
+	pdb_set_unknown_3 (pw_buf, 0xffffff, PDB_DEFAULT);	/* don't know */
+	pdb_set_logon_divs (pw_buf, 168, PDB_DEFAULT);	/* hours per week */
 
 	if ((hours_len = ENTRY_LEN (obj, NPF_HOURS)) == 21) {
 		memcpy (hours, ENTRY_VAL (obj, NPF_HOURS), hours_len);
@@ -967,11 +969,11 @@ static BOOL make_sam_from_nisp_object (S
 		/* available at all hours */
 		memset (hours, 0xff, hours_len);
 	}
-	pdb_set_hours_len (pw_buf, hours_len);
-	pdb_set_hours (pw_buf, hours);
+	pdb_set_hours_len (pw_buf, hours_len, PDB_SET);
+	pdb_set_hours (pw_buf, hours, PDB_SET);
 
-	pdb_set_unknown_5 (pw_buf, 0x00020000);	/* don't know */
-	pdb_set_unknown_6 (pw_buf, 0x000004ec);	/* don't know */
+	pdb_set_unknown_5 (pw_buf, 0x00020000, PDB_DEFAULT);	/* don't know */
+	pdb_set_unknown_6 (pw_buf, 0x000004ec, PDB_DEFAULT);	/* don't know */
 
 	return True;
 }
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_smbpasswd.c HEAD-pdb/source/passdb/pdb_smbpasswd.c
--- HEAD/source/passdb/pdb_smbpasswd.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/pdb_smbpasswd.c	Tue Oct  8 16:07:07 2002
@@ -1204,16 +1204,16 @@ static BOOL build_sam_account(struct smb
 	    && (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid) 
 	    && (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
 
-		pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
+		pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid), PDB_SET);
 
 		/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. 
 		   
 		   This was down the bottom for machines, but it looks pretty good as
 		   a general default for non-unix users. --abartlet 2002-01-08
 		*/
-		pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS); 
-		pdb_set_username (sam_pass, pw_buf->smb_name);
-		pdb_set_domain (sam_pass, lp_workgroup());
+		pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS, PDB_SET); 
+		pdb_set_username (sam_pass, pw_buf->smb_name, PDB_SET);
+		pdb_set_domain (sam_pass, lp_workgroup(), PDB_DEFAULT);
 	} else {
 
 		pwfile = getpwnam_alloc(pw_buf->smb_name);
@@ -1229,18 +1229,18 @@ static BOOL build_sam_account(struct smb
 		passwd_free(&pwfile);
 	}
 	
-	pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
-	pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);			
-	pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
-	pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
-	pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, True);
+	pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET);
+	pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET);			
+	pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
+	pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
+	pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
 	
 #if 0	/* JERRY */
 	/* the smbpasswd format doesn't have a must change time field, so
 	   we can't get this right. The best we can do is to set this to 
 	   some time in the future. 21 days seems as reasonable as any other value :) 
 	*/
-	pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE);
+	pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE, PDB_DEFAULT);
 #endif
 	return True;
 }
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_tdb.c HEAD-pdb/source/passdb/pdb_tdb.c
--- HEAD/source/passdb/pdb_tdb.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/pdb_tdb.c	Tue Oct  8 16:07:07 2002
@@ -163,28 +163,28 @@ static BOOL init_sam_from_buffer (struct
 		uid = pw->pw_uid;
 		gid = pw->pw_gid;
 		
-		pdb_set_unix_homedir(sampass, pw->pw_dir);
+		pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
 
 		passwd_free(&pw);
 
-		pdb_set_uid(sampass, uid);
-		pdb_set_gid(sampass, gid);
+		pdb_set_uid(sampass, uid, PDB_SET);
+		pdb_set_gid(sampass, gid, PDB_SET);
 	}
 
-	pdb_set_logon_time(sampass, logon_time, True);
-	pdb_set_logoff_time(sampass, logoff_time, True);
-	pdb_set_kickoff_time(sampass, kickoff_time, True);
-	pdb_set_pass_can_change_time(sampass, pass_can_change_time, True);
-	pdb_set_pass_must_change_time(sampass, pass_must_change_time, True);
-	pdb_set_pass_last_set_time(sampass, pass_last_set_time);
-
-	pdb_set_username     (sampass, username); 
-	pdb_set_domain       (sampass, domain);
-	pdb_set_nt_username  (sampass, nt_username);
-	pdb_set_fullname     (sampass, fullname);
+	pdb_set_logon_time(sampass, logon_time, PDB_SET);
+	pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
+	pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
+	pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
+	pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
+	pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
+
+	pdb_set_username     (sampass, username, PDB_SET); 
+	pdb_set_domain       (sampass, domain, PDB_SET);
+	pdb_set_nt_username  (sampass, nt_username, PDB_SET);
+	pdb_set_fullname     (sampass, fullname, PDB_SET);
 
 	if (homedir) {
-		pdb_set_homedir(sampass, homedir, True);
+		pdb_set_homedir(sampass, homedir, PDB_SET);
 	}
 	else {
 		pdb_set_homedir(sampass, 
@@ -192,69 +192,69 @@ static BOOL init_sam_from_buffer (struct
 						       lp_logon_home(),
 						       username, domain, 
 						       uid, gid),
-				False);
+				PDB_DEFAULT);
 	}
 
 	if (dir_drive) 	
-		pdb_set_dir_drive(sampass, dir_drive, True);
+		pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
 	else {
 		pdb_set_dir_drive(sampass, 
 				  talloc_sub_specified(sampass->mem_ctx, 
 							 lp_logon_drive(),
 							 username, domain, 
 							 uid, gid),
-				  False);
+				  PDB_DEFAULT);
 	}
 
 	if (logon_script) 
-		pdb_set_logon_script(sampass, logon_script, True);
+		pdb_set_logon_script(sampass, logon_script, PDB_SET);
 	else {
 		pdb_set_logon_script(sampass, 
 				     talloc_sub_specified(sampass->mem_ctx, 
 							    lp_logon_script(),
 							    username, domain, 
 							    uid, gid),
-				  False);
+				  PDB_DEFAULT);
 	}
 	
 	if (profile_path) {	
-		pdb_set_profile_path(sampass, profile_path, True);
+		pdb_set_profile_path(sampass, profile_path, PDB_SET);
 	} else {
 		pdb_set_profile_path(sampass, 
 				     talloc_sub_specified(sampass->mem_ctx, 
 							    lp_logon_path(),
 							    username, domain, 
 							    uid, gid),
-				     False);
+				     PDB_DEFAULT);
 	}
 
-	pdb_set_acct_desc    (sampass, acct_desc);
-	pdb_set_workstations (sampass, workstations);
-	pdb_set_munged_dial  (sampass, munged_dial);
+	pdb_set_acct_desc    (sampass, acct_desc, PDB_SET);
+	pdb_set_workstations (sampass, workstations, PDB_SET);
+	pdb_set_munged_dial  (sampass, munged_dial, PDB_SET);
 
 	if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) {
-		if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr)) {
+		if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) {
 			ret = False;
 			goto done;
 		}
 	}
 
 	if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) {
-		if (!pdb_set_nt_passwd(sampass, nt_pw_ptr)) {
+		if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) {
 			ret = False;
 			goto done;
 		}
 	}
 
-	pdb_set_user_sid_from_rid(sampass, user_rid);
-	pdb_set_group_sid_from_rid(sampass, group_rid);
-	pdb_set_unknown_3(sampass, unknown_3);
-	pdb_set_hours_len(sampass, hours_len);
-	pdb_set_unknown_5(sampass, unknown_5);
-	pdb_set_unknown_6(sampass, unknown_6);
-	pdb_set_acct_ctrl(sampass, acct_ctrl);
-	pdb_set_logon_divs(sampass, logon_divs);
-	pdb_set_hours(sampass, hours);
+	pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
+	pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
+	pdb_set_unknown_3(sampass, unknown_3, PDB_SET);
+	pdb_set_hours_len(sampass, hours_len, PDB_SET);
+	pdb_set_unknown_5(sampass, unknown_5, PDB_SET);
+	pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
+	pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
+	pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
+	pdb_set_hours(sampass, hours, PDB_SET);
 
 done:
 
@@ -421,12 +421,12 @@ static uint32 init_buffer_from_sam (stru
 		lm_pw_len, lm_pw,
 		nt_pw_len, nt_pw,
 		pdb_get_acct_ctrl(sampass),
-		pdb_get_unknown3(sampass),
+		pdb_get_unknown_3(sampass),
 		pdb_get_logon_divs(sampass),
 		pdb_get_hours_len(sampass),
 		MAX_HOURS_LEN, pdb_get_hours(sampass),
-		pdb_get_unknown5(sampass),
-		pdb_get_unknown6(sampass));
+		pdb_get_unknown_5(sampass),
+		pdb_get_unknown_6(sampass));
 
 
 	/* malloc the space needed */
@@ -460,12 +460,12 @@ static uint32 init_buffer_from_sam (stru
 		lm_pw_len, lm_pw,
 		nt_pw_len, nt_pw,
 		pdb_get_acct_ctrl(sampass),
-		pdb_get_unknown3(sampass),
+		pdb_get_unknown_3(sampass),
 		pdb_get_logon_divs(sampass),
 		pdb_get_hours_len(sampass),
 		MAX_HOURS_LEN, pdb_get_hours(sampass),
-		pdb_get_unknown5(sampass),
-		pdb_get_unknown6(sampass));
+		pdb_get_unknown_5(sampass),
+		pdb_get_unknown_6(sampass));
 	
 	
 	/* check to make sure we got it correct */
@@ -781,7 +781,7 @@ static BOOL tdb_update_sam(struct pdb_me
 						goto done;
 					}
 				}
-				pdb_set_user_sid_from_rid(newpwd, user_rid);
+				pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
 			} else {
 				user_rid = tdb_state->low_nua_rid;
 				tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
@@ -794,7 +794,7 @@ static BOOL tdb_update_sam(struct pdb_me
 					ret = False;
 					goto done;
 				}
-				pdb_set_user_sid_from_rid(newpwd, user_rid);
+				pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
 			}
 		} else {
 			DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
@@ -811,7 +811,7 @@ static BOOL tdb_update_sam(struct pdb_me
 				goto done;
 			} else {
 				/* This seems like a good default choice for non-unix users */
-				pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS);
+				pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
 			}
 		} else {
 			DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/rpc_parse/parse_samr.c HEAD-pdb/source/rpc_parse/parse_samr.c
--- HEAD/source/rpc_parse/parse_samr.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/rpc_parse/parse_samr.c	Tue Oct  8 16:07:07 2002
@@ -6061,11 +6061,11 @@ NTSTATUS init_sam_user_info21A(SAM_USER_
 	usr->user_rid  = user_rid;
 	usr->group_rid = group_rid;
 	usr->acb_info  = pdb_get_acct_ctrl(pw);
-	usr->unknown_3 = pdb_get_unknown3(pw);
+	usr->unknown_3 = pdb_get_unknown_3(pw);
 
 	usr->logon_divs = pdb_get_logon_divs(pw); 
 	usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0;
-	usr->unknown_5 = pdb_get_unknown5(pw); /* 0x0002 0000 */
+	usr->unknown_5 = pdb_get_unknown_5(pw); /* 0x0002 0000 */
 
 	if (pdb_get_pass_must_change_time(pw) == 0) {
 		usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
@@ -6088,7 +6088,7 @@ NTSTATUS init_sam_user_info21A(SAM_USER_
 	init_unistr2(&usr->uni_unknown_str, NULL, len_unknown_str);
 	init_unistr2(&usr->uni_munged_dial, munged_dial, len_munged_dial);
 
-	usr->unknown_6 = pdb_get_unknown6(pw);
+	usr->unknown_6 = pdb_get_unknown_6(pw);
 	usr->padding4 = 0;
 
 	if (pdb_get_hours(pw)) {
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/rpc_server/srv_netlog_nt.c HEAD-pdb/source/rpc_server/srv_netlog_nt.c
--- HEAD/source/rpc_server/srv_netlog_nt.c	Mon Sep 23 20:33:28 2002
+++ HEAD-pdb/source/rpc_server/srv_netlog_nt.c	Tue Oct  8 16:07:07 2002
@@ -433,12 +433,12 @@ NTSTATUS _net_srv_pwset(pipes_struct *p,
 	cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0);
 
 	/* lies!  nt and lm passwords are _not_ the same: don't care */
-	if (!pdb_set_lanman_passwd (sampass, pwd)) {
+	if (!pdb_set_lanman_passwd (sampass, pwd, PDB_CHANGED)) {
 		pdb_free_sam(&sampass);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_nt_passwd     (sampass, pwd)) {
+	if (!pdb_set_nt_passwd     (sampass, pwd, PDB_CHANGED)) {
 		pdb_free_sam(&sampass);
 		return NT_STATUS_NO_MEMORY;
 	}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/rpc_server/srv_samr_nt.c HEAD-pdb/source/rpc_server/srv_samr_nt.c
--- HEAD/source/rpc_server/srv_samr_nt.c	Tue Oct  8 17:32:37 2002
+++ HEAD-pdb/source/rpc_server/srv_samr_nt.c	Tue Oct  8 17:34:44 2002
@@ -205,8 +205,8 @@ static void samr_clear_sam_passwd(SAM_AC
 
 	/* These now zero out the old password */
 
-	pdb_set_lanman_passwd(sam_pass, NULL);
-	pdb_set_nt_passwd(sam_pass, NULL);
+	pdb_set_lanman_passwd(sam_pass, NULL, PDB_DEFAULT);
+	pdb_set_nt_passwd(sam_pass, NULL, PDB_DEFAULT);
 }
 
 
@@ -2288,13 +2288,13 @@ NTSTATUS _api_samr_create_user(pipes_str
 			return nt_status;
 		}
 		
-		if (!pdb_set_username(sam_pass, account)) {
+		if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) {
 			pdb_free_sam(&sam_pass);
 			return NT_STATUS_NO_MEMORY;
 		}
 	}
 
- 	pdb_set_acct_ctrl(sam_pass, acb_info);
+ 	pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
  
  	if (!pdb_add_sam_account(sam_pass)) {
  		pdb_free_sam(&sam_pass);
@@ -2675,8 +2675,9 @@ static BOOL set_user_info_10(const SAM_U
 		pdb_free_sam(&pwd);
 		return False;
 	}
-
-	if (!pdb_set_acct_ctrl(pwd, id10->acb_info)) {
+	
+	/* FIX ME: check if the value is really changed --metze */
+	if (!pdb_set_acct_ctrl(pwd, id10->acb_info, PDB_CHANGED)) {
 		pdb_free_sam(&pwd);
 		return False;
 	}
@@ -2712,11 +2713,11 @@ static BOOL set_user_info_12(SAM_USER_IN
 		return False;
 	}
  
-	if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd)) {
+	if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd, PDB_CHANGED)) {
 		pdb_free_sam(&pwd);
 		return False;
 	}
-	if (!pdb_set_nt_passwd     (pwd, id12->nt_pwd)) {
+	if (!pdb_set_nt_passwd     (pwd, id12->nt_pwd, PDB_CHANGED)) {
 		pdb_free_sam(&pwd);
 		return False;
 	}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/rpc_server/srv_samr_util.c HEAD-pdb/source/rpc_server/srv_samr_util.c
--- HEAD/source/rpc_server/srv_samr_util.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/rpc_server/srv_samr_util.c	Wed Oct  9 09:53:44 2002
@@ -47,14 +47,14 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_logon_time(to);
 		DEBUG(10,("INFO_21 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_logon_time(to, unix_time, True);
+			pdb_set_logon_time(to, unix_time, PDB_CHANGED);
 	}	
 	if (!nt_time_is_zero(&from->logoff_time)) {
 		unix_time=nt_time_to_unix(&from->logoff_time);
 		stored_time = pdb_get_logoff_time(to);
 		DEBUG(10,("INFO_21 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_logoff_time(to, unix_time, True);
+			pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
 	}
 	
 	if (!nt_time_is_zero(&from->kickoff_time)) {
@@ -62,7 +62,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_kickoff_time(to);
 		DEBUG(10,("INFO_21 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_kickoff_time(to, unix_time , True);
+			pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
 	}	
 
 	if (!nt_time_is_zero(&from->pass_can_change_time)) {
@@ -70,14 +70,14 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_pass_can_change_time(to);
 		DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_can_change_time(to, unix_time, True);
+			pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
 	}
 	if (!nt_time_is_zero(&from->pass_last_set_time)) {
 		unix_time=nt_time_to_unix(&from->pass_last_set_time);
 		stored_time = pdb_get_pass_last_set_time(to);
 		DEBUG(10,("INFO_21 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_last_set_time(to, unix_time);
+			pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
 	}
 
 	if (!nt_time_is_zero(&from->pass_must_change_time)) {
@@ -85,7 +85,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		stored_time=pdb_get_pass_must_change_time(to);
 		DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_must_change_time(to, unix_time, True);
+			pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
 	}
 
 	/* Backend should check this for sainity */
@@ -94,7 +94,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_user_name);
 		DEBUG(10,("INFO_21 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
 		if (STRING_CHANGED)
-		    pdb_set_username(to      , new_string);
+		    pdb_set_username(to      , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_full_name.buffer) {
@@ -102,7 +102,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_user_name);
 		DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_fullname(to      , new_string);
+			pdb_set_fullname(to      , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_home_dir.buffer) {
@@ -110,7 +110,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_home_dir);
 		DEBUG(10,("INFO_21 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_homedir(to       , new_string, True);
+			pdb_set_homedir(to       , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_dir_drive.buffer) {
@@ -118,7 +118,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_dir_drive);
 		DEBUG(10,("INFO_21 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_dir_drive(to     , new_string, True);
+			pdb_set_dir_drive(to     , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_logon_script.buffer) {
@@ -126,7 +126,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_logon_script);
 		DEBUG(10,("INFO_21 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_logon_script(to  , new_string, True);
+			pdb_set_logon_script(to  , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_profile_path.buffer) {
@@ -134,7 +134,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_profile_path);
 		DEBUG(10,("INFO_21 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_profile_path(to  , new_string, True);
+			pdb_set_profile_path(to  , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_acct_desc.buffer) {
@@ -142,7 +142,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_acct_desc);
 		DEBUG(10,("INFO_21 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_acct_desc(to     , new_string);
+			pdb_set_acct_desc(to     , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_workstations.buffer) {
@@ -150,7 +150,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_workstations);
 		DEBUG(10,("INFO_21 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_workstations(to  , new_string);
+			pdb_set_workstations(to  , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_unknown_str.buffer) {
@@ -158,7 +158,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_unknown_str);
 		DEBUG(10,("INFO_21 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_unknown_str(to   , new_string);
+			pdb_set_unknown_str(to   , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_munged_dial.buffer) {
@@ -166,40 +166,53 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_munged_dial);
 		DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_munged_dial(to   , new_string);
+			pdb_set_munged_dial(to   , new_string, PDB_CHANGED);
 	}
 	
-	if (from->user_rid) {
+	if (from->user_rid != pdb_get_user_rid(to)) {
 		DEBUG(10,("INFO_21 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
 		/* we really allow this ??? metze */
-		/* pdb_set_user_sid_from_rid(to, from->user_rid);*/
+		/* pdb_set_user_sid_from_rid(to, from->user_rid, PDB_CHANGED);*/
 	}
 	
-	if (from->group_rid) {
+	if (from->group_rid != pdb_get_group_rid(to)) {
 		DEBUG(10,("INFO_21 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
-		pdb_set_group_sid_from_rid(to, from->group_rid);
+		pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
 	}
 	
 	DEBUG(10,("INFO_21 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
-	pdb_set_acct_ctrl(to, from->acb_info);
+	if (from->acb_info != pdb_get_acct_ctrl(to)) {
+		pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
+	}
 
-	DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown3(to),from->unknown_3));
-	pdb_set_unknown_3(to, from->unknown_3);
-	
+	DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
+	if (from->unknown_3 != pdb_get_unknown_3(to)) {
+		pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED);
+	}
 
 	DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
-	pdb_set_logon_divs(to, from->logon_divs);
+	if (from->logon_divs != pdb_get_logon_divs(to)) {
+		pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
+	}
 
 	DEBUG(15,("INFO_21 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
-	pdb_set_hours_len(to, from->logon_hrs.len);
+	if (from->logon_hrs.len != pdb_get_hours_len(to)) {
+		pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
+	}
+
 	DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
-	pdb_set_hours(to, from->logon_hrs.hours);
+/* Fix me: only update if it changes --metze */
+	pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
 
-	DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown5(to),from->unknown_5));
-	pdb_set_unknown_5(to, from->unknown_5);
+	DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
+	if (from->unknown_5 != pdb_get_unknown_5(to)) {
+		pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
+	}
 
-	DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown6(to),from->unknown_6));
-	pdb_set_unknown_6(to, from->unknown_6);
+	DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
+	if (from->unknown_6 != pdb_get_unknown_6(to)) {
+		pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
+	}
 
 	DEBUG(10,("INFO_21 PADDING1 %02X %02X %02X %02X %02X %02X\n",
 		  from->padding1[0],
@@ -211,7 +224,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 
 	DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
 	if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-		pdb_set_pass_must_change_time(to,0, True);		
+		pdb_set_pass_must_change_time(to,0, PDB_CHANGED);		
 	}
 
 	DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2));
@@ -236,14 +249,14 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_logon_time(to);
 		DEBUG(10,("INFO_23 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_logon_time(to, unix_time, True);
+			pdb_set_logon_time(to, unix_time, PDB_CHANGED);
 	}	
 	if (!nt_time_is_zero(&from->logoff_time)) {
 		unix_time=nt_time_to_unix(&from->logoff_time);
 		stored_time = pdb_get_logoff_time(to);
 		DEBUG(10,("INFO_23 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_logoff_time(to, unix_time, True);
+			pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
 	}
 	
 	if (!nt_time_is_zero(&from->kickoff_time)) {
@@ -251,7 +264,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_kickoff_time(to);
 		DEBUG(10,("INFO_23 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_kickoff_time(to, unix_time , True);
+			pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
 	}	
 
 	if (!nt_time_is_zero(&from->pass_can_change_time)) {
@@ -259,14 +272,14 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_pass_can_change_time(to);
 		DEBUG(10,("INFO_23 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_can_change_time(to, unix_time, True);
+			pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
 	}
 	if (!nt_time_is_zero(&from->pass_last_set_time)) {
 		unix_time=nt_time_to_unix(&from->pass_last_set_time);
 		stored_time = pdb_get_pass_last_set_time(to);
 		DEBUG(10,("INFO_23 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_last_set_time(to, unix_time);
+			pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
 	}
 
 	if (!nt_time_is_zero(&from->pass_must_change_time)) {
@@ -274,7 +287,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		stored_time=pdb_get_pass_must_change_time(to);
 		DEBUG(10,("INFO_23 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_must_change_time(to, unix_time, True);
+			pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
 	}
 
 	/* Backend should check this for sainity */
@@ -283,7 +296,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_user_name);
 		DEBUG(10,("INFO_23 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
 		if (STRING_CHANGED)
-		    pdb_set_username(to      , new_string);
+		    pdb_set_username(to      , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_full_name.buffer) {
@@ -291,7 +304,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_user_name);
 		DEBUG(10,("INFO_23 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_fullname(to      , new_string);
+			pdb_set_fullname(to      , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_home_dir.buffer) {
@@ -299,7 +312,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_home_dir);
 		DEBUG(10,("INFO_23 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_homedir(to       , new_string, True);
+			pdb_set_homedir(to       , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_dir_drive.buffer) {
@@ -307,7 +320,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_dir_drive);
 		DEBUG(10,("INFO_23 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_dir_drive(to     , new_string, True);
+			pdb_set_dir_drive(to     , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_logon_script.buffer) {
@@ -315,7 +328,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_logon_script);
 		DEBUG(10,("INFO_23 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_logon_script(to  , new_string, True);
+			pdb_set_logon_script(to  , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_profile_path.buffer) {
@@ -323,7 +336,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_profile_path);
 		DEBUG(10,("INFO_23 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_profile_path(to  , new_string, True);
+			pdb_set_profile_path(to  , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_acct_desc.buffer) {
@@ -331,7 +344,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_acct_desc);
 		DEBUG(10,("INFO_23 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_acct_desc(to     , new_string);
+			pdb_set_acct_desc(to     , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_workstations.buffer) {
@@ -339,7 +352,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_workstations);
 		DEBUG(10,("INFO_23 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_workstations(to  , new_string);
+			pdb_set_workstations(to  , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_unknown_str.buffer) {
@@ -347,7 +360,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_unknown_str);
 		DEBUG(10,("INFO_23 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_unknown_str(to   , new_string);
+			pdb_set_unknown_str(to   , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_munged_dial.buffer) {
@@ -355,40 +368,53 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_munged_dial);
 		DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_munged_dial(to   , new_string);
+			pdb_set_munged_dial(to   , new_string, PDB_CHANGED);
 	}
 	
-	if (from->user_rid) {
+	if (from->user_rid != pdb_get_user_rid(to)) {
 		DEBUG(10,("INFO_23 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
 		/* we really allow this ??? metze */
-		/* pdb_set_user_sid_from_rid(to, from->user_rid);*/
+		/* pdb_set_user_sid_from_rid(to, from->user_rid, PDB_CHANGED);*/
 	}
 	
-	if (from->group_rid) {
+	if (from->group_rid != pdb_get_group_rid(to)) {
 		DEBUG(10,("INFO_23 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
-		pdb_set_group_sid_from_rid(to, from->group_rid);
+		pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
 	}
 	
 	DEBUG(10,("INFO_23 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
-	pdb_set_acct_ctrl(to, from->acb_info);
+	if (from->acb_info != pdb_get_acct_ctrl(to)) {
+		pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
+	}
 
-	DEBUG(10,("INFO_23 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown3(to),from->unknown_3));
-	pdb_set_unknown_3(to, from->unknown_3);
-	
+	DEBUG(10,("INFO_23 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
+	if (from->unknown_3 != pdb_get_unknown_3(to)) {
+		pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED);
+	}
 
 	DEBUG(15,("INFO_23 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
-	pdb_set_logon_divs(to, from->logon_divs);
+	if (from->logon_divs != pdb_get_logon_divs(to)) {
+		pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
+	}
 
 	DEBUG(15,("INFO_23 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
-	pdb_set_hours_len(to, from->logon_hrs.len);
+	if (from->logon_hrs.len != pdb_get_hours_len(to)) {
+		pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
+	}
+
 	DEBUG(15,("INFO_23 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
-	pdb_set_hours(to, from->logon_hrs.hours);
+/* Fix me: only update if it changes --metze */
+	pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
 
-	DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown5(to),from->unknown_5));
-	pdb_set_unknown_5(to, from->unknown_5);
+	DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
+	if (from->unknown_5 != pdb_get_unknown_5(to)) {
+		pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
+	}
 
-	DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown6(to),from->unknown_6));
-	pdb_set_unknown_6(to, from->unknown_6);
+	DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
+	if (from->unknown_6 != pdb_get_unknown_6(to)) {
+		pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
+	}
 
 	DEBUG(10,("INFO_23 PADDING1 %02X %02X %02X %02X %02X %02X\n",
 		  from->padding1[0],
@@ -400,7 +426,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 
 	DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
 	if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-		pdb_set_pass_must_change_time(to,0, True);		
+		pdb_set_pass_must_change_time(to,0, PDB_CHANGED);		
 	}
 
 	DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2));
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/smbd/chgpasswd.c HEAD-pdb/source/smbd/chgpasswd.c
--- HEAD/source/smbd/chgpasswd.c	Mon Jul 29 06:34:57 2002
+++ HEAD-pdb/source/smbd/chgpasswd.c	Tue Oct  8 19:50:41 2002
@@ -707,11 +707,11 @@ BOOL change_lanman_password(SAM_ACCOUNT 
 		D_P16(pwd, pass2, unenc_new_pw);
 	}
 
-	if (!pdb_set_lanman_passwd(sampass, unenc_new_pw)) {
+	if (!pdb_set_lanman_passwd(sampass, unenc_new_pw, PDB_CHANGED)) {
 		return False;
 	}
 
-	if (!pdb_set_nt_passwd    (sampass, NULL)) {
+	if (!pdb_set_nt_passwd    (sampass, NULL, PDB_CHANGED)) {
 		return False;	/* We lose the NT hash. Sorry. */
 	}
 
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/smbd/password.c HEAD-pdb/source/smbd/password.c
--- HEAD/source/smbd/password.c	Sat Sep  7 18:02:02 2002
+++ HEAD-pdb/source/smbd/password.c	Tue Oct  8 16:07:07 2002
@@ -134,7 +134,7 @@ int register_vuid(auth_serversupplied_in
 	 * the new real sam db won't have reference to unix uids or gids
 	 */
 	if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
-		DEBUG(0,("Attempted session setup with invalid user.  No uid/gid in SAM_ACCOUNT (flags:%x)\n", pdb_get_init_flag(server_info->sam_account)));
+		DEBUG(0,("Attempted session setup with invalid user.  No uid/gid in SAM_ACCOUNT\n"));
 		free(vuser);
 		return UID_FIELD_INVALID;
 	}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/utils/net_rpc_samsync.c HEAD-pdb/source/utils/net_rpc_samsync.c
--- HEAD/source/utils/net_rpc_samsync.c	Fri Oct  4 08:06:23 2002
+++ HEAD-pdb/source/utils/net_rpc_samsync.c	Tue Oct  8 16:07:07 2002
@@ -199,62 +199,62 @@ sam_account_from_delta(SAM_ACCOUNT *acco
 	   desc, workstations, profile. */
 
 	unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1);
-	pdb_set_nt_username(account, s);
+	pdb_set_nt_username(account, s, PDB_CHANGED);
 
 	/* Unix username is the same - for sainity */
-	pdb_set_username(account, s);
+	pdb_set_username(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1);
-	pdb_set_fullname(account, s);
+	pdb_set_fullname(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1);
-	pdb_set_homedir(account, s, True);
+	pdb_set_homedir(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1);
-	pdb_set_dir_drive(account, s, True);
+	pdb_set_dir_drive(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1);
-	pdb_set_logon_script(account, s, True);
+	pdb_set_logon_script(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1);
-	pdb_set_acct_desc(account, s);
+	pdb_set_acct_desc(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1);
-	pdb_set_workstations(account, s);
+	pdb_set_workstations(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1);
-	pdb_set_profile_path(account, s, True);
+	pdb_set_profile_path(account, s, PDB_CHANGED);
 
 	/* User and group sid */
 
-	pdb_set_user_sid_from_rid(account, delta->user_rid);
-	pdb_set_group_sid_from_rid(account, delta->group_rid);
+	pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED);
+	pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED);
 
 	/* Logon and password information */
 
-	pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True);
+	pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), PDB_CHANGED);
 	pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time),
-			    True);
-	pdb_set_logon_divs(account, delta->logon_divs);
+			    PDB_CHANGED);
+	pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED);
 
 	/* TODO: logon hours */
 	/* TODO: bad password count */
 	/* TODO: logon count */
 
 	pdb_set_pass_last_set_time(
-		account, nt_time_to_unix(&delta->pwd_last_set_time));
+		account, nt_time_to_unix(&delta->pwd_last_set_time), PDB_CHANGED);
 
-	pdb_set_kickoff_time(account, get_time_t_max(), True);
+	pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED);
 
 	/* Decode hashes from password hash */
 	sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0);
 	sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0);
-	pdb_set_nt_passwd(account, nt_passwd);
-	pdb_set_lanman_passwd(account, lm_passwd);
+	pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
+	pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
 
 	/* TODO: account expiry time */
 
-	pdb_set_acct_ctrl(account, delta->acb_info);
+	pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED);
 	return NT_STATUS_OK;
 }
 
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/utils/pdbedit.c HEAD-pdb/source/utils/pdbedit.c
--- HEAD/source/utils/pdbedit.c	Sun Oct  6 16:29:39 2002
+++ HEAD-pdb/source/utils/pdbedit.c	Tue Oct  8 16:07:07 2002
@@ -247,15 +247,15 @@ static int set_user_info (struct pdb_con
 	}
 	
 	if (fullname)
-		pdb_set_fullname(sam_pwent, fullname);
+		pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
 	if (homedir)
-		pdb_set_homedir(sam_pwent, homedir, True);
+		pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
 	if (drive)
-		pdb_set_dir_drive(sam_pwent,drive, True);
+		pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED);
 	if (script)
-		pdb_set_logon_script(sam_pwent, script, True);
+		pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
 	if (profile)
-		pdb_set_profile_path (sam_pwent, profile, True);
+		pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
 	
 	if (NT_STATUS_IS_OK(in->pdb_update_sam_account (in, sam_pwent)))
 		print_user_info (in, username, True, False);
@@ -285,7 +285,7 @@ static int new_user (struct pdb_context 
 	} else {
 		fprintf (stderr, "WARNING: user %s does not exist in system passwd\n", username);
 		pdb_init_sam(&sam_pwent);
-		if (!pdb_set_username(sam_pwent, username)) {
+		if (!pdb_set_username(sam_pwent, username, PDB_CHANGED)) {
 			return False;
 		}
 	}
@@ -313,17 +313,17 @@ static int new_user (struct pdb_context 
 	SAFE_FREE(password2);
 
 	if (fullname)
-		pdb_set_fullname(sam_pwent, fullname);
+		pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
 	if (homedir)
-		pdb_set_homedir (sam_pwent, homedir, True);
+		pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED);
 	if (drive)
-		pdb_set_dir_drive (sam_pwent, drive, True);
+		pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED);
 	if (script)
-		pdb_set_logon_script(sam_pwent, script, True);
+		pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
 	if (profile)
-		pdb_set_profile_path (sam_pwent, profile, True);
+		pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
 	
-	pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL);
+	pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED);
 	
 	if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) { 
 		print_user_info (in, username, True, False);
@@ -361,11 +361,11 @@ static int new_machine (struct pdb_conte
 	
 	pdb_set_plaintext_passwd (sam_pwent, password);
 
-	pdb_set_username (sam_pwent, name);
+	pdb_set_username (sam_pwent, name, PDB_CHANGED);
 	
-	pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
+	pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED);
 	
-	pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
+	pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS, PDB_CHANGED);
 	
 	if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) {
 		print_user_info (in, name, True, False);
-------------- next part --------------
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/auth/auth_unix.c HEAD-pdb/source/auth/auth_unix.c
--- HEAD/source/auth/auth_unix.c	Fri May 24 15:55:05 2002
+++ HEAD-pdb/source/auth/auth_unix.c	Tue Oct  8 16:07:07 2002
@@ -49,7 +49,7 @@ static BOOL update_smbpassword_file(cons
 	 * Remove the account disabled flag - we are updating the
 	 * users password from a login.
 	 */
-	if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) {
+	if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) {
 		pdb_free_sam(&sampass);
 		return False;
 	}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/auth/auth_util.c HEAD-pdb/source/auth/auth_util.c
--- HEAD/source/auth/auth_util.c	Wed Sep 25 12:13:36 2002
+++ HEAD-pdb/source/auth/auth_util.c	Tue Oct  8 16:07:07 2002
@@ -931,47 +931,47 @@ NTSTATUS make_server_info_info3(TALLOC_C
 		return nt_status;
 	}
 		
-	if (!pdb_set_user_sid(sam_account, &user_sid)) {
+	if (!pdb_set_user_sid(sam_account, &user_sid, PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	if (!pdb_set_group_sid(sam_account, &group_sid)) {
+	if (!pdb_set_group_sid(sam_account, &group_sid, PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 		
-	if (!pdb_set_nt_username(sam_account, nt_username)) {
+	if (!pdb_set_nt_username(sam_account, nt_username, PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_domain(sam_account, nt_domain)) {
+	if (!pdb_set_domain(sam_account, nt_domain, PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_fullname(sam_account, pdb_unistr2_convert(&(info3->uni_full_name)))) {
+	if (!pdb_set_fullname(sam_account, pdb_unistr2_convert(&(info3->uni_full_name)), PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_logon_script(sam_account, pdb_unistr2_convert(&(info3->uni_logon_script)), True)) {
+	if (!pdb_set_logon_script(sam_account, pdb_unistr2_convert(&(info3->uni_logon_script)), PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_profile_path(sam_account, pdb_unistr2_convert(&(info3->uni_profile_path)), True)) {
+	if (!pdb_set_profile_path(sam_account, pdb_unistr2_convert(&(info3->uni_profile_path)), PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_homedir(sam_account, pdb_unistr2_convert(&(info3->uni_home_dir)), True)) {
+	if (!pdb_set_homedir(sam_account, pdb_unistr2_convert(&(info3->uni_home_dir)), PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_dir_drive(sam_account, pdb_unistr2_convert(&(info3->uni_dir_drive)), True)) {
+	if (!pdb_set_dir_drive(sam_account, pdb_unistr2_convert(&(info3->uni_dir_drive)), PDB_CHANGED)) {
 		pdb_free_sam(&sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/include/smb.h HEAD-pdb/source/include/smb.h
--- HEAD/source/include/smb.h	Tue Oct  8 15:53:11 2002
+++ HEAD-pdb/source/include/smb.h	Tue Oct  8 16:49:08 2002
@@ -572,22 +572,50 @@ typedef struct {
 #define FLAG_SAM_UNINIT		0x00000000
 #define FLAG_SAM_UID		0x00000001
 #define FLAG_SAM_GID		0x00000002
-#define FLAG_SAM_SMBHOME	0x00000004
-#define FLAG_SAM_PROFILE	0x00000008
-#define FLAG_SAM_DRIVE          0x00000010
-#define FLAG_SAM_LOGONSCRIPT	0x00000020
-#define FLAG_SAM_LOGONTIME	0x00000040
-#define FLAG_SAM_LOGOFFTIME	0x00000080
-#define FLAG_SAM_KICKOFFTIME	0x00000100
-#define FLAG_SAM_CANCHANGETIME	0x00000200
-#define FLAG_SAM_MUSTCHANGETIME	0x00000400
-#define FLAG_SAM_PLAINTEXT_PW   0x00000800
+#define FLAG_SAM_SMBHOME	0x00000003
+#define FLAG_SAM_PROFILE	0x00000004
+#define FLAG_SAM_DRIVE          0x00000005
+#define FLAG_SAM_LOGONSCRIPT	0x00000006
+#define FLAG_SAM_LOGONTIME	0x00000007
+#define FLAG_SAM_LOGOFFTIME	0x00000008
+#define FLAG_SAM_KICKOFFTIME	0x00000009
+#define FLAG_SAM_CANCHANGETIME	0x0000000A
+#define FLAG_SAM_MUSTCHANGETIME	0x0000000B
+#define FLAG_SAM_PLAINTEXT_PW   0x0000000C
+#define FLAG_SAM_USERNAME	0x0000000D
+#define FLAG_SAM_FULLNAME	0x0000000E
+#define FLAG_SAM_DOMAIN		0x0000000F
+#define FLAG_SAM_NTUSERNAME	0x00000010
+#define FLAG_SAM_HOURSLEN	0x00000011
+#define FLAG_SAM_LOGONDIVS	0x00000012
+#define FLAG_SAM_USERSID	0x00000013
+#define FLAG_SAM_GROUPSID	0x00000014
+#define FLAG_SAM_ACCTCTRL	0x00000015
+#define FLAG_SAM_PASSLASTSET	0x00000016
+#define FLAG_SAM_UNIXHOMEDIR	0x00000017
+#define FLAG_SAM_ACCTDESC	0x00000018
+#define FLAG_SAM_WORKSTATIONS	0x00000019
+#define FLAG_SAM_UNKNOWNSTR	0x0000001A
+#define FLAG_SAM_MUNGEDDIAL	0x0000001B
+#define FLAG_SAM_HOURS		0x0000001C
+#define FLAG_SAM_UNKNOWN3	0x0000001D
+#define FLAG_SAM_UNKNOWN5	0x0000001E
+#define FLAG_SAM_UNKNOWN6	0x0000001F
+#define FLAG_SAM_LMPASSWD	0x00000020
+#define FLAG_SAM_NTPASSWD	0x00000021
+
+/* if you add a flag increment FLAG_SAM_COUNT */
+#define FLAG_SAM_COUNT		0x00000022
+
+enum{PDB_DEFAULT=0,PDB_SET,PDB_CHANGED};
 
 #define IS_SAM_UNIX_USER(x) \
-	((pdb_get_init_flag(x) & FLAG_SAM_UID) \
-	 && (pdb_get_init_flag(x) & FLAG_SAM_GID))
+	(( pdb_get_init_flags(x, FLAG_SAM_UID) != PDB_DEFAULT ) \
+	 && ( pdb_get_init_flags(x,FLAG_SAM_GID) != PDB_DEFAULT ))
 
-#define IS_SAM_SET(x, flag)	((x)->private.init_flag & (flag))
+#define IS_SAM_SET(x, flag)	(pdb_get_init_flags(x, flag) == PDB_SET)
+#define IS_SAM_CHANGED(x, flag)	(pdb_get_init_flags(x, flag) == PDB_CHANGED)
+#define IS_SAM_DEFAULT(x, flag)	(pdb_get_init_flags(x, flag) == PDB_DEFAULT)
 		
 typedef struct sam_passwd
 {
@@ -599,8 +627,9 @@ typedef struct sam_passwd
 
 	struct user_data {
 		/* initiailization flags */
-		uint32 init_flag;
-		
+		struct bitmap *change_flags;
+		struct bitmap *set_flags;
+
 		time_t logon_time;            /* logon time */
 		time_t logoff_time;           /* logoff time */
 		time_t kickoff_time;          /* kickoff time */
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/include/stamp-h HEAD-pdb/source/include/stamp-h
--- HEAD/source/include/stamp-h	Thu Jan  1 01:00:00 1970
+++ HEAD-pdb/source/include/stamp-h	Tue Oct  8 16:10:36 2002
@@ -0,0 +1 @@
+Sun Jul 18 20:32:29 UTC 1999
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/lib/bitmap.c HEAD-pdb/source/lib/bitmap.c
--- HEAD/source/lib/bitmap.c	Wed Jan 30 07:08:16 2002
+++ HEAD-pdb/source/lib/bitmap.c	Tue Oct  8 16:07:07 2002
@@ -60,6 +60,30 @@ void bitmap_free(struct bitmap *bm)
 }
 
 /****************************************************************************
+talloc a bitmap
+****************************************************************************/
+struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n)
+{
+	struct bitmap *bm;
+
+	if (!mem_ctx) return NULL;
+
+	bm = (struct bitmap *)talloc(mem_ctx, sizeof(*bm));
+
+	if (!bm) return NULL;
+	
+	bm->n = n;
+	bm->b = (uint32 *)talloc(mem_ctx, sizeof(bm->b[0])*(n+31)/32);
+	if (!bm->b) {
+		return NULL;
+	}
+
+	memset(bm->b, 0, sizeof(bm->b[0])*(n+31)/32);
+
+	return bm;
+}
+
+/****************************************************************************
 set a bit in a bitmap
 ****************************************************************************/
 BOOL bitmap_set(struct bitmap *bm, unsigned i)
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/passdb.c HEAD-pdb/source/passdb/passdb.c
--- HEAD/source/passdb/passdb.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/passdb.c	Tue Oct  8 16:07:07 2002
@@ -45,7 +45,6 @@ static void pdb_fill_default_sam(SAM_ACC
         /* Don't change these timestamp settings without a good reason.
            They are important for NT member server compatibility. */
 
-	user->private.init_flag		    = FLAG_SAM_UNINIT;
 	user->private.uid = user->private.gid	    = -1;
 
 	user->private.logon_time            = (time_t)0;
@@ -177,15 +176,15 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sa
 
 	pdb_fill_default_sam(sam_account);
 
-	pdb_set_username(sam_account, pwd->pw_name);
-	pdb_set_fullname(sam_account, pwd->pw_gecos);
+	pdb_set_username(sam_account, pwd->pw_name, PDB_SET);
+	pdb_set_fullname(sam_account, pwd->pw_gecos, PDB_SET);
 
-	pdb_set_unix_homedir(sam_account, pwd->pw_dir);
+	pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET);
 
-	pdb_set_domain (sam_account, lp_workgroup());
+	pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT);
 
-	pdb_set_uid(sam_account, pwd->pw_uid);
-	pdb_set_gid(sam_account, pwd->pw_gid);
+	pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET);
+	pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET);
 	
 	/* When we get a proper uid -> SID and SID -> uid allocation
 	   mechinism, we should call it here.  
@@ -200,29 +199,29 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sa
 
 	/* Ensure this *must* be set right */
 	if (strcmp(pwd->pw_name, guest_account) == 0) {
-		if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST)) {
+		if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
 			return NT_STATUS_UNSUCCESSFUL;
 		}
-		if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS)) {
+		if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) {
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 	} else {
 
 		if (!pdb_set_user_sid_from_rid(sam_account, 
-					       fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
+					       fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
 			DEBUG(0,("Can't set User SID from RID!\n"));
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 		
 		/* call the mapping code here */
 		if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
-			if (!pdb_set_group_sid(sam_account,&map.sid)){
+			if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){
 				DEBUG(0,("Can't set Group SID!\n"));
 				return NT_STATUS_INVALID_PARAMETER;
 			}
 		} 
 		else {
-			if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
+			if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
 				DEBUG(0,("Can't set Group SID\n"));
 				return NT_STATUS_INVALID_PARAMETER;
 			}
@@ -237,34 +236,34 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sa
 							    lp_logon_path(), 
 							    pwd->pw_name, global_myname, 
 							    pwd->pw_uid, pwd->pw_gid), 
-				     False);
+				     PDB_DEFAULT);
 		
 		pdb_set_homedir(sam_account, 
 				talloc_sub_specified((sam_account)->mem_ctx, 
 						       lp_logon_home(),
 						       pwd->pw_name, global_myname, 
 						       pwd->pw_uid, pwd->pw_gid),
-				False);
+				PDB_DEFAULT);
 		
 		pdb_set_dir_drive(sam_account, 
 				  talloc_sub_specified((sam_account)->mem_ctx, 
 							 lp_logon_drive(),
 							 pwd->pw_name, global_myname, 
 							 pwd->pw_uid, pwd->pw_gid),
-				  False);
+				  PDB_DEFAULT);
 		
 		pdb_set_logon_script(sam_account, 
 				     talloc_sub_specified((sam_account)->mem_ctx, 
 							    lp_logon_script(),
 							    pwd->pw_name, global_myname, 
 							    pwd->pw_uid, pwd->pw_gid), 
-				     False);
-		if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL)) {
+				     PDB_DEFAULT);
+		if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT)) {
 			DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n", pwd->pw_name));
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 	} else {
-		if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST)) {
+		if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST, PDB_DEFAULT)) {
 			DEBUG(1, ("Failed to set 'trusted workstation account' flags for user %s.\n", pwd->pw_name));
 			return NT_STATUS_UNSUCCESSFUL;
 		}
@@ -842,7 +841,7 @@ BOOL local_sid_to_uid(uid_t *puid, const
 	
 	if (pdb_getsampwsid(sam_user, psid)) {
 		
-		if (!(pdb_get_init_flag(sam_user) & FLAG_SAM_UID)) { 
+		if (IS_SAM_SET(sam_user,FLAG_SAM_UID)||IS_SAM_CHANGED(sam_user,FLAG_SAM_UID)) { 
 			pdb_free_sam(&sam_user);
 			return False;
 		}
@@ -1037,7 +1036,7 @@ BOOL local_password_change(const char *u
 				return False;
 			}
 
-	        	if (!pdb_set_username(sam_pass, user_name)) {
+	        	if (!pdb_set_username(sam_pass, user_name, PDB_SET)) {
 	                	slprintf(err_str, err_str_len - 1, "Failed to set username for user %s.\n", user_name);
 	               	 	pdb_free_sam(&sam_pass);
 	               	 	return False;
@@ -1051,19 +1050,19 @@ BOOL local_password_change(const char *u
 	/* the 'other' acb bits not being changed here */
 	other_acb =  (pdb_get_acct_ctrl(sam_pass) & (!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
 	if (local_flags & LOCAL_TRUST_ACCOUNT) {
-		if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb) ) {
+		if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_SET) ) {
 			slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
 		}
 	} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
-		if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb)) {
+		if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_SET)) {
 			slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
 		}
 	} else {
-		if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb)) {
+		if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_SET)) {
 			slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
@@ -1076,13 +1075,13 @@ BOOL local_password_change(const char *u
 	 */
 
 	if (local_flags & LOCAL_DISABLE_USER) {
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED)) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_SET)) {
 			slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
 		}
 	} else if (local_flags & LOCAL_ENABLE_USER) {
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_SET)) {
 			slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
@@ -1090,7 +1089,7 @@ BOOL local_password_change(const char *u
 	}
 	
 	if (local_flags & LOCAL_SET_NO_PASSWORD) {
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ)) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_SET)) {
 			slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
@@ -1106,13 +1105,13 @@ BOOL local_password_change(const char *u
 		 * don't create them disabled). JRA.
 		 */
 		if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
-			if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+			if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_SET)) {
 				slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
 				pdb_free_sam(&sam_pass);
 				return False;
 			}
 		}
-		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ))) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_SET)) {
 			slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name);
 			pdb_free_sam(&sam_pass);
 			return False;
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_compat.c HEAD-pdb/source/passdb/pdb_compat.c
--- HEAD/source/passdb/pdb_compat.c	Wed Jul  3 09:37:51 2002
+++ HEAD-pdb/source/passdb/pdb_compat.c	Tue Oct  8 16:07:07 2002
@@ -48,7 +48,7 @@ uint32 pdb_get_group_rid (const SAM_ACCO
 	return (0);
 }
 
-BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
+BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid, uint8 flag)
 {
 	DOM_SID u_sid;
 	const DOM_SID *global_sam_sid;
@@ -66,7 +66,7 @@ BOOL pdb_set_user_sid_from_rid (SAM_ACCO
 	if (!sid_append_rid(&u_sid, rid))
 		return False;
 
-	if (!pdb_set_user_sid(sampass, &u_sid))
+	if (!pdb_set_user_sid(sampass, &u_sid, flag))
 		return False;
 
 	DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n", 
@@ -75,7 +75,7 @@ BOOL pdb_set_user_sid_from_rid (SAM_ACCO
 	return True;
 }
 
-BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
+BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid, uint8 flag)
 {
 	DOM_SID g_sid;
 	const DOM_SID *global_sam_sid;
@@ -93,7 +93,7 @@ BOOL pdb_set_group_sid_from_rid (SAM_ACC
 	if (!sid_append_rid(&g_sid, grid))
 		return False;
 
-	if (!pdb_set_group_sid(sampass, &g_sid))
+	if (!pdb_set_group_sid(sampass, &g_sid, flag))
 		return False;
 
 	DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n", 
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_get_set.c HEAD-pdb/source/passdb/pdb_get_set.c
--- HEAD/source/passdb/pdb_get_set.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/pdb_get_set.c	Tue Oct  8 16:07:07 2002
@@ -37,7 +37,7 @@
 #define PDB_NOT_QUITE_NULL ""
 
 /*********************************************************************
- Collection of get...() functions for SAM_ACCOUNT_INFO.
+ Collection of get...() functions for SAM_ACCOUNT.
  ********************************************************************/
 
 uint16 pdb_get_acct_ctrl (const SAM_ACCOUNT *sampass)
@@ -178,12 +178,20 @@ const DOM_SID *pdb_get_group_sid(const S
  * @return the flags indicating the members initialised in the struct.
  **/
  
-uint32 pdb_get_init_flag (const SAM_ACCOUNT *sampass)
+uint8 pdb_get_init_flags (const SAM_ACCOUNT *sampass, uint32 flag)
 {
-        if (sampass)
-		return sampass->private.init_flag;
-	else 
-                return FLAG_SAM_UNINIT;
+	uint8 ret = PDB_DEFAULT;
+	
+        if (!sampass || !sampass->private.change_flags || !sampass->private.set_flags)
+        	return ret;
+        	
+        if (bitmap_query(sampass->private.set_flags, flag))
+        	ret = PDB_SET;
+        	
+        if (bitmap_query(sampass->private.change_flags, flag))
+        	ret = PDB_CHANGED;
+        	
+        return ret;
 }
 
 uid_t pdb_get_uid (const SAM_ACCOUNT *sampass)
@@ -306,7 +314,7 @@ const char* pdb_get_munged_dial (const S
 		return (NULL);
 }
 
-uint32 pdb_get_unknown3 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown_3 (const SAM_ACCOUNT *sampass)
 {
 	if (sampass)
 		return (sampass->private.unknown_3);
@@ -314,7 +322,7 @@ uint32 pdb_get_unknown3 (const SAM_ACCOU
 		return (-1);
 }
 
-uint32 pdb_get_unknown5 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown_5 (const SAM_ACCOUNT *sampass)
 {
 	if (sampass)
 		return (sampass->private.unknown_5);
@@ -322,7 +330,7 @@ uint32 pdb_get_unknown5 (const SAM_ACCOU
 		return (-1);
 }
 
-uint32 pdb_get_unknown6 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass)
 {
 	if (sampass)
 		return (sampass->private.unknown_6);
@@ -331,113 +339,97 @@ uint32 pdb_get_unknown6 (const SAM_ACCOU
 }
 
 /*********************************************************************
- Collection of set...() functions for SAM_ACCOUNT_INFO.
+ Collection of set...() functions for SAM_ACCOUNT.
  ********************************************************************/
 
-BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags)
+BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 acct_ctrl, uint8 flag)
 {
 	if (!sampass)
 		return False;
 		
-	if (sampass) {
-		sampass->private.acct_ctrl = flags;
-		return True;
-	}
-	
-	return False;
+	sampass->private.acct_ctrl = acct_ctrl;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_ACCTCTRL, flag);
 }
 
-BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.logon_time = mytime;
 
-	if (store)
-		pdb_set_init_flag(sampass, FLAG_SAM_LOGONTIME); 
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_LOGONTIME, flag);
 }
 
-BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.logoff_time = mytime;
 
-	if (store)
-		pdb_set_init_flag(sampass, FLAG_SAM_LOGOFFTIME); 
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_LOGOFFTIME, flag);
 }
 
-BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.kickoff_time = mytime;
 
-	if (store)
-		pdb_set_init_flag(sampass, FLAG_SAM_KICKOFFTIME); 
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_KICKOFFTIME, flag);
 }
 
-BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.pass_can_change_time = mytime;
 
-	if (store)
-		pdb_set_init_flag(sampass, FLAG_SAM_CANCHANGETIME); 
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_CANCHANGETIME, flag);
 }
 
-BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.pass_must_change_time = mytime;
 
-	if (store)
-		pdb_set_init_flag(sampass, FLAG_SAM_MUSTCHANGETIME); 
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_MUSTCHANGETIME, flag);
 }
 
-BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime)
+BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.pass_last_set_time = mytime;
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_PASSLASTSET, flag);
 }
 
-BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len)
+BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.hours_len = len;
-	return True;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_HOURSLEN, flag);
 }
 
-BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours)
+BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.logon_divs = hours;
-	return True;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_LOGONDIVS, flag);
 }
 
 /**
@@ -447,18 +439,67 @@ BOOL pdb_set_logon_divs (SAM_ACCOUNT *sa
  *             this flag is only added.  
  **/
  
-BOOL pdb_set_init_flag (SAM_ACCOUNT *sampass, uint32 flag)
+BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, uint32 flag, uint8 value_flag)
 {
-        if (!sampass)
+        if (!sampass || !sampass->mem_ctx)
                 return False;
 
-        sampass->private.init_flag |= flag;
+        if (!sampass->private.set_flags) {
+        	if ((sampass->private.set_flags = 
+        		bitmap_talloc(sampass->mem_ctx, 
+        				FLAG_SAM_COUNT))==NULL) {
+        		DEBUG(0,("bitmap_talloc failed\n"));
+        		return False;
+        	}
+        }
+        if (!sampass->private.change_flags) {
+        	if ((sampass->private.change_flags = 
+        		bitmap_talloc(sampass->mem_ctx, 
+        				FLAG_SAM_COUNT))==NULL) {
+        		DEBUG(0,("bitmap_talloc failed\n"));
+        		return False;
+        	}
+        }
+        
+        switch(value_flag) {
+        	case PDB_CHANGED:
+        		if (!bitmap_set(sampass->private.change_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in change_flags.\n",flag));
+				return False;
+			}
+        		if (!bitmap_set(sampass->private.set_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in set_falgs.\n",flag));
+				return False;
+			}
+        		break;
+        	case PDB_SET:
+        		if (!bitmap_clear(sampass->private.change_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in change_flags.\n",flag));
+				return False;
+			}
+        		if (!bitmap_set(sampass->private.set_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in set_falgs.\n",flag));
+				return False;
+			}
+        		break;
+        	case PDB_DEFAULT:
+        	default:
+        		if (!bitmap_clear(sampass->private.change_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in change_flags.\n",flag));
+				return False;
+			}
+        		if (!bitmap_clear(sampass->private.set_flags, flag)) {
+				DEBUG(0,("Can't set flag: %08X in set_falgs.\n",flag));
+				return False;
+			}
+        		break;
+	}
 
         return True;
 }
 
-BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid)
-{
+BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid, uint8 flag)
+{	
 	if (!sampass)
 		return False;
 	
@@ -466,13 +507,11 @@ BOOL pdb_set_uid (SAM_ACCOUNT *sampass, 
 		   (int)uid, (int)sampass->private.uid));
  
 	sampass->private.uid = uid;
-	pdb_set_init_flag(sampass, FLAG_SAM_UID); 
-
-	return True;
-
+	
+	return pdb_set_init_flags(sampass, FLAG_SAM_UID, flag);
 }
 
-BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid)
+BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -481,13 +520,11 @@ BOOL pdb_set_gid (SAM_ACCOUNT *sampass, 
 		   (int)gid, (int)sampass->private.gid));
  
 	sampass->private.gid = gid; 
-	pdb_set_init_flag(sampass, FLAG_SAM_GID); 
-
-	return True;
 
+	return pdb_set_init_flags(sampass, FLAG_SAM_GID, flag);
 }
 
-BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid)
+BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, uint8 flag)
 {
 	if (!sampass || !u_sid)
 		return False;
@@ -496,13 +533,14 @@ BOOL pdb_set_user_sid (SAM_ACCOUNT *samp
 
 	DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n", 
 		    sid_string_static(&sampass->private.user_sid)));
-	
-	return True;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_USERSID, flag);
 }
 
-BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid)
+BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid, uint8 flag)
 {
 	DOM_SID new_sid;
+	
 	if (!sampass || !u_sid)
 		return False;
 
@@ -514,7 +552,7 @@ BOOL pdb_set_user_sid_from_string (SAM_A
 		return False;
 	}
 	 
-	if (!pdb_set_user_sid(sampass, &new_sid)) {
+	if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
 		DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", u_sid));
 		return False;
 	}
@@ -522,7 +560,7 @@ BOOL pdb_set_user_sid_from_string (SAM_A
 	return True;
 }
 
-BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid)
+BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid, uint8 flag)
 {
 	if (!sampass || !g_sid)
 		return False;
@@ -532,10 +570,10 @@ BOOL pdb_set_group_sid (SAM_ACCOUNT *sam
 	DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n", 
 		    sid_string_static(&sampass->private.group_sid)));
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_GROUPSID, flag);
 }
 
-BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid)
+BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid, uint8 flag)
 {
 	DOM_SID new_sid;
 	if (!sampass || !g_sid)
@@ -549,7 +587,7 @@ BOOL pdb_set_group_sid_from_string (SAM_
 		return False;
 	}
 	 
-	if (!pdb_set_group_sid(sampass, &new_sid)) {
+	if (!pdb_set_group_sid(sampass, &new_sid, flag)) {
 		DEBUG(1, ("pdb_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", g_sid));
 		return False;
 	}
@@ -560,8 +598,8 @@ BOOL pdb_set_group_sid_from_string (SAM_
  Set the user's UNIX name.
  ********************************************************************/
 
-BOOL pdb_set_username(SAM_ACCOUNT *sampass, const char *username)
-{	
+BOOL pdb_set_username(SAM_ACCOUNT *sampass, const char *username, uint8 flag)
+{
 	if (!sampass)
 		return False;
  
@@ -579,16 +617,16 @@ BOOL pdb_set_username(SAM_ACCOUNT *sampa
 	} else {
 		sampass->private.username = PDB_NOT_QUITE_NULL;
 	}
-
-	return True;
+	
+	return pdb_set_init_flags(sampass, FLAG_SAM_USERNAME, flag);
 }
 
 /*********************************************************************
  Set the domain name.
  ********************************************************************/
 
-BOOL pdb_set_domain(SAM_ACCOUNT *sampass, const char *domain)
-{	
+BOOL pdb_set_domain(SAM_ACCOUNT *sampass, const char *domain, uint8 flag)
+{
 	if (!sampass)
 		return False;
 
@@ -607,14 +645,14 @@ BOOL pdb_set_domain(SAM_ACCOUNT *sampass
 		sampass->private.domain = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_DOMAIN, flag);
 }
 
 /*********************************************************************
  Set the user's NT name.
  ********************************************************************/
 
-BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, const char *nt_username)
+BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, const char *nt_username, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -634,14 +672,14 @@ BOOL pdb_set_nt_username(SAM_ACCOUNT *sa
 		sampass->private.nt_username = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_NTUSERNAME, flag);
 }
 
 /*********************************************************************
  Set the user's full name.
  ********************************************************************/
 
-BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, const char *full_name)
+BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, const char *full_name, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -661,14 +699,14 @@ BOOL pdb_set_fullname(SAM_ACCOUNT *sampa
 		sampass->private.full_name = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_FULLNAME, flag);
 }
 
 /*********************************************************************
  Set the user's logon script.
  ********************************************************************/
 
-BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, BOOL store)
+BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -688,19 +726,14 @@ BOOL pdb_set_logon_script(SAM_ACCOUNT *s
 		sampass->private.logon_script = PDB_NOT_QUITE_NULL;
 	}
 	
-	if (store) {
-		DEBUG(10, ("pdb_set_logon_script: setting logon script sam flag!\n"));
-		pdb_set_init_flag(sampass, FLAG_SAM_LOGONSCRIPT);
-	}
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_LOGONSCRIPT, flag);
 }
 
 /*********************************************************************
  Set the user's profile path.
  ********************************************************************/
 
-BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, BOOL store)
+BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -720,19 +753,14 @@ BOOL pdb_set_profile_path (SAM_ACCOUNT *
 		sampass->private.profile_path = PDB_NOT_QUITE_NULL;
 	}
 
-	if (store) {
-		DEBUG(10, ("pdb_set_profile_path: setting profile path sam flag!\n"));
-		pdb_set_init_flag(sampass, FLAG_SAM_PROFILE);
-	}
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_PROFILE, flag);
 }
 
 /*********************************************************************
  Set the user's directory drive.
  ********************************************************************/
 
-BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, BOOL store)
+BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -752,19 +780,14 @@ BOOL pdb_set_dir_drive (SAM_ACCOUNT *sam
 		sampass->private.dir_drive = PDB_NOT_QUITE_NULL;
 	}
 	
-	if (store) {
-		DEBUG(10, ("pdb_set_dir_drive: setting dir drive sam flag!\n"));
-		pdb_set_init_flag(sampass, FLAG_SAM_DRIVE);
-	}
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_DRIVE, flag);
 }
 
 /*********************************************************************
  Set the user's home directory.
  ********************************************************************/
 
-BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, BOOL store)
+BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -784,19 +807,14 @@ BOOL pdb_set_homedir (SAM_ACCOUNT *sampa
 		sampass->private.home_dir = PDB_NOT_QUITE_NULL;
 	}
 
-	if (store) {
-		DEBUG(10, ("pdb_set_homedir: setting home dir sam flag!\n"));
-		pdb_set_init_flag(sampass, FLAG_SAM_SMBHOME);
-	}
-
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_SMBHOME, flag);
 }
 
 /*********************************************************************
  Set the user's unix home directory.
  ********************************************************************/
 
-BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir)
+BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -817,14 +835,14 @@ BOOL pdb_set_unix_homedir (SAM_ACCOUNT *
 		sampass->private.unix_home_dir = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_UNIXHOMEDIR, flag);
 }
 
 /*********************************************************************
  Set the user's account description.
  ********************************************************************/
 
-BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, const char *acct_desc)
+BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, const char *acct_desc, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -841,14 +859,14 @@ BOOL pdb_set_acct_desc (SAM_ACCOUNT *sam
 		sampass->private.acct_desc = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_ACCTDESC, flag);
 }
 
 /*********************************************************************
  Set the user's workstation allowed list.
  ********************************************************************/
 
-BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, const char *workstations)
+BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, const char *workstations, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -868,14 +886,14 @@ BOOL pdb_set_workstations (SAM_ACCOUNT *
 		sampass->private.workstations = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_WORKSTATIONS, flag);
 }
 
 /*********************************************************************
  Set the user's 'unknown_str', whatever the heck this actually is...
  ********************************************************************/
 
-BOOL pdb_set_unknown_str (SAM_ACCOUNT *sampass, const char *unknown_str)
+BOOL pdb_set_unknown_str (SAM_ACCOUNT *sampass, const char *unknown_str, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -892,14 +910,14 @@ BOOL pdb_set_unknown_str (SAM_ACCOUNT *s
 		sampass->private.unknown_str = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_UNKNOWNSTR, flag);
 }
 
 /*********************************************************************
  Set the user's dial string.
  ********************************************************************/
 
-BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, const char *munged_dial)
+BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, const char *munged_dial, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -916,14 +934,14 @@ BOOL pdb_set_munged_dial (SAM_ACCOUNT *s
 		sampass->private.munged_dial = PDB_NOT_QUITE_NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_MUNGEDDIAL, flag);
 }
 
 /*********************************************************************
  Set the user's NT hash.
  ********************************************************************/
 
-BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd)
+BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[NT_HASH_LEN], uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -932,14 +950,14 @@ BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sam
 	
 	sampass->private.nt_pw = data_blob(pwd, NT_HASH_LEN);
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_NTPASSWD, flag);
 }
 
 /*********************************************************************
  Set the user's LM hash.
  ********************************************************************/
 
-BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[16])
+BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[LM_HASH_LEN], uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -948,7 +966,7 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT 
 	
 	sampass->private.lm_pw = data_blob(pwd, LM_HASH_LEN);
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_LMPASSWD, flag);
 }
 
 /*********************************************************************
@@ -956,7 +974,7 @@ BOOL pdb_set_lanman_passwd (SAM_ACCOUNT 
  below)
  ********************************************************************/
 
-BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password)
+BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -976,37 +994,40 @@ BOOL pdb_set_plaintext_pw_only (SAM_ACCO
 		sampass->private.plaintext_pw = NULL;
 	}
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_PLAINTEXT_PW, flag);
 }
 
-BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn)
+BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.unknown_3 = unkn;
-	return True;
+	
+	return pdb_set_init_flags(sampass, FLAG_SAM_UNKNOWN3, flag);
 }
 
-BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn)
+BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.unknown_5 = unkn;
-	return True;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_UNKNOWN5, flag);
 }
 
-BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn)
+BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn, uint8 flag)
 {
 	if (!sampass)
 		return False;
 
 	sampass->private.unknown_6 = unkn;
-	return True;
+
+	return pdb_set_init_flags(sampass, FLAG_SAM_UNKNOWN6, flag);
 }
 
-BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours)
+BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours, uint8 flag)
 {
 	if (!sampass)
 		return False;
@@ -1018,7 +1039,7 @@ BOOL pdb_set_hours (SAM_ACCOUNT *sampass
 	
 	memcpy (sampass->private.hours, hours, MAX_HOURS_LEN);
 
-	return True;
+	return pdb_set_init_flags(sampass, FLAG_SAM_HOURS, flag);
 }
 
 
@@ -1036,17 +1057,17 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOU
 	if (!sampass)
 		return False;
 	
-	if (!pdb_set_pass_last_set_time (sampass, time(NULL)))
+	if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
 		return False;
 
 	if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) 
 	    || (expire==(uint32)-1)) {
-		if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), False))
+		if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
 			return False;
 	} else {
 		if (!pdb_set_pass_must_change_time (sampass, 
 						    pdb_get_pass_last_set_time(sampass)
-						    + expire, True))
+						    + expire, PDB_CHANGED))
 			return False;
 	}
 	
@@ -1068,13 +1089,13 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOU
 	
 	nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
 
-	if (!pdb_set_nt_passwd (sampass, new_nt_p16)) 
+	if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED)) 
 		return False;
 
-	if (!pdb_set_lanman_passwd (sampass, new_lanman_p16)) 
+	if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED)) 
 		return False;
 
-	if (!pdb_set_plaintext_pw_only (sampass, plaintext)) 
+	if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED)) 
 		return False;
 
 	if (!pdb_set_pass_changed_now (sampass))
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_ldap.c HEAD-pdb/source/passdb/pdb_ldap.c
--- HEAD/source/passdb/pdb_ldap.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/pdb_ldap.c	Tue Oct  8 17:27:20 2002
@@ -683,13 +683,13 @@ static BOOL init_sam_from_ldap (struct l
 	get_single_attribute(ldap_struct, entry, "rid", temp);
 	user_rid = (uint32)atol(temp);
 
-	pdb_set_user_sid_from_rid(sampass, user_rid);
+	pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
 
 	if (!get_single_attribute(ldap_struct, entry, "primaryGroupID", temp)) {
 		group_rid = 0;
 	} else {
 		group_rid = (uint32)atol(temp);
-		pdb_set_group_sid_from_rid(sampass, group_rid);
+		pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
 	}
 
 	if ((ldap_state->permit_non_unix_accounts) 
@@ -710,21 +710,21 @@ static BOOL init_sam_from_ldap (struct l
 		uid = pw->pw_uid;
 		gid = pw->pw_gid;
 
-		pdb_set_unix_homedir(sampass, pw->pw_dir);
+		pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
 
 		passwd_free(&pw);
 
-		pdb_set_uid(sampass, uid);
-		pdb_set_gid(sampass, gid);
+		pdb_set_uid(sampass, uid, PDB_SET);
+		pdb_set_gid(sampass, gid, PDB_SET);
 
 		if (group_rid == 0) {
 			GROUP_MAP map;
 			/* call the mapping code here */
 			if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
-				pdb_set_group_sid(sampass, &map.sid);
+				pdb_set_group_sid(sampass, &map.sid, PDB_SET);
 			} 
 			else {
-				pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid));
+				pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
 			}
 		}
 	}
@@ -733,42 +733,42 @@ static BOOL init_sam_from_ldap (struct l
 		/* leave as default */
 	} else {
 		pass_last_set_time = (time_t) atol(temp);
-		pdb_set_pass_last_set_time(sampass, pass_last_set_time);
+		pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "logonTime", temp)) {
 		/* leave as default */
 	} else {
 		logon_time = (time_t) atol(temp);
-		pdb_set_logon_time(sampass, logon_time, True);
+		pdb_set_logon_time(sampass, logon_time, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "logoffTime", temp)) {
 		/* leave as default */
 	} else {
 		logoff_time = (time_t) atol(temp);
-		pdb_set_logoff_time(sampass, logoff_time, True);
+		pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "kickoffTime", temp)) {
 		/* leave as default */
 	} else {
 		kickoff_time = (time_t) atol(temp);
-		pdb_set_kickoff_time(sampass, kickoff_time, True);
+		pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "pwdCanChange", temp)) {
 		/* leave as default */
 	} else {
 		pass_can_change_time = (time_t) atol(temp);
-		pdb_set_pass_can_change_time(sampass, pass_can_change_time, True);
+		pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "pwdMustChange", temp)) {
 		/* leave as default */
 	} else {
 		pass_must_change_time = (time_t) atol(temp);
-		pdb_set_pass_must_change_time(sampass, pass_must_change_time, True);
+		pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
 	}
 
 	/* recommend that 'gecos' and 'displayName' should refer to the same
@@ -781,10 +781,10 @@ static BOOL init_sam_from_ldap (struct l
 		if (!get_single_attribute(ldap_struct, entry, "displayName", fullname)) {
 			/* leave as default */
 		} else {
-			pdb_set_fullname(sampass, fullname);
+			pdb_set_fullname(sampass, fullname, PDB_SET);
 		}
 	} else {
-		pdb_set_fullname(sampass, fullname);
+		pdb_set_fullname(sampass, fullname, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) {
@@ -792,9 +792,9 @@ static BOOL init_sam_from_ldap (struct l
 								  lp_logon_drive(),
 								  username, domain, 
 								  uid, gid),
-				  False);
+				  PDB_DEFAULT);
 	} else {
-		pdb_set_dir_drive(sampass, dir_drive, True);
+		pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) {
@@ -802,9 +802,9 @@ static BOOL init_sam_from_ldap (struct l
 								  lp_logon_home(),
 								  username, domain, 
 								  uid, gid), 
-				  False);
+				  PDB_DEFAULT);
 	} else {
-		pdb_set_homedir(sampass, homedir, True);
+		pdb_set_homedir(sampass, homedir, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "scriptPath", logon_script)) {
@@ -812,9 +812,9 @@ static BOOL init_sam_from_ldap (struct l
 								     lp_logon_script(),
 								     username, domain, 
 								     uid, gid), 
-				     False);
+				     PDB_DEFAULT);
 	} else {
-		pdb_set_logon_script(sampass, logon_script, True);
+		pdb_set_logon_script(sampass, logon_script, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "profilePath", profile_path)) {
@@ -822,21 +822,21 @@ static BOOL init_sam_from_ldap (struct l
 								     lp_logon_path(),
 								     username, domain, 
 								     uid, gid), 
-				     False);
+				     PDB_DEFAULT);
 	} else {
-		pdb_set_profile_path(sampass, profile_path, True);
+		pdb_set_profile_path(sampass, profile_path, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "description", acct_desc)) {
 		/* leave as default */
 	} else {
-		pdb_set_acct_desc(sampass, acct_desc);
+		pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
 	}
 
 	if (!get_single_attribute(ldap_struct, entry, "userWorkstations", workstations)) {
 		/* leave as default */;
 	} else {
-		pdb_set_workstations(sampass, workstations);
+		pdb_set_workstations(sampass, workstations, PDB_SET);
 	}
 
 	/* FIXME: hours stuff should be cleaner */
@@ -850,7 +850,7 @@ static BOOL init_sam_from_ldap (struct l
 	} else {
 		pdb_gethexpwd(temp, smblmpwd);
 		memset((char *)temp, '\0', strlen(temp)+1);
-		if (!pdb_set_lanman_passwd(sampass, smblmpwd))
+		if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET))
 			return False;
 		ZERO_STRUCT(smblmpwd);
 	}
@@ -860,7 +860,7 @@ static BOOL init_sam_from_ldap (struct l
 	} else {
 		pdb_gethexpwd(temp, smbntpwd);
 		memset((char *)temp, '\0', strlen(temp)+1);
-		if (!pdb_set_nt_passwd(sampass, smbntpwd))
+		if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET))
 			return False;
 		ZERO_STRUCT(smbntpwd);
 	}
@@ -873,24 +873,24 @@ static BOOL init_sam_from_ldap (struct l
 		if (acct_ctrl == 0)
 			acct_ctrl |= ACB_NORMAL;
 
-		pdb_set_acct_ctrl(sampass, acct_ctrl);
+		pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
 	}
 
-	pdb_set_hours_len(sampass, hours_len);
-	pdb_set_logon_divs(sampass, logon_divs);
+	pdb_set_hours_len(sampass, hours_len, PDB_SET);
+	pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
 
-	pdb_set_username(sampass, username);
+	pdb_set_username(sampass, username, PDB_SET);
 
-	pdb_set_domain(sampass, domain);
-	pdb_set_nt_username(sampass, nt_username);
+	pdb_set_domain(sampass, domain, PDB_DEFAULT);
+	pdb_set_nt_username(sampass, nt_username, PDB_SET);
 
-	pdb_set_munged_dial(sampass, munged_dial);
+	pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
 	
-	/* pdb_set_unknown_3(sampass, unknown3); */
-	/* pdb_set_unknown_5(sampass, unknown5); */
-	/* pdb_set_unknown_6(sampass, unknown6); */
+	/* pdb_set_unknown_3(sampass, unknown3, PDB_SET); */
+	/* pdb_set_unknown_5(sampass, unknown5, PDB_SET); */
+	/* pdb_set_unknown_6(sampass, unknown6, PDB_SET); */
 
-	pdb_set_hours(sampass, hours);
+	pdb_set_hours(sampass, hours, PDB_SET);
 
 	return True;
 }
@@ -917,91 +917,110 @@ static BOOL init_ldap_from_sam (struct l
 	 * took out adding "objectclass: sambaAccount"
 	 * do this on a per-mod basis
 	 */
-
-	make_a_mod(mods, ldap_op, "uid", pdb_get_username(sampass));
-	DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
-
-	if ( pdb_get_user_rid(sampass) ) {
-		rid = pdb_get_user_rid(sampass);
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_UID)) {
+		make_a_mod(mods, ldap_op, "uid", pdb_get_username(sampass));
+		DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
+	}
+	
+	if ((rid = pdb_get_user_rid(sampass))!=0 ) {
+		if (IS_SAM_CHANGED(sampass, FLAG_SAM_USERSID)) {		
+			slprintf(temp, sizeof(temp) - 1, "%i", rid);
+			make_a_mod(mods, ldap_op, "rid", temp);
+		}
 	} else if (IS_SAM_SET(sampass, FLAG_SAM_UID)) {
 		rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(sampass));
+		slprintf(temp, sizeof(temp) - 1, "%i", rid);
+		make_a_mod(mods, ldap_op, "rid", temp);
 	} else if (ldap_state->permit_non_unix_accounts) {
 		rid = ldapsam_get_next_available_nua_rid(ldap_state);
 		if (rid == 0) {
 			DEBUG(0, ("NO user RID specified on account %s, and findining next available NUA RID failed, cannot store!\n", pdb_get_username(sampass)));
 			return False;
 		}
+		slprintf(temp, sizeof(temp) - 1, "%i", rid);
+		make_a_mod(mods, ldap_op, "rid", temp);
 	} else {
 		DEBUG(0, ("NO user RID specified on account %s, cannot store!\n", pdb_get_username(sampass)));
 		return False;
 	}
 
-	slprintf(temp, sizeof(temp) - 1, "%i", rid);
-	make_a_mod(mods, ldap_op, "rid", temp);
 
-	if ( pdb_get_group_rid(sampass) ) {
-		rid = pdb_get_group_rid(sampass);
+
+	if ((rid = pdb_get_group_rid(sampass))!=0 ) {
+		if (IS_SAM_CHANGED(sampass, FLAG_SAM_GROUPSID)) {		
+			slprintf(temp, sizeof(temp) - 1, "%i", rid);
+			make_a_mod(mods, ldap_op, "primaryGroupID", temp);
+		}
 	} else if (IS_SAM_SET(sampass, FLAG_SAM_GID)) {
 		rid = pdb_gid_to_group_rid(pdb_get_gid(sampass));
+		slprintf(temp, sizeof(temp) - 1, "%i", rid);
+		make_a_mod(mods, ldap_op, "primaryGroupID", temp);
 	} else if (ldap_state->permit_non_unix_accounts) {
 		rid = DOMAIN_GROUP_RID_USERS;
+		slprintf(temp, sizeof(temp) - 1, "%i", rid);
+		make_a_mod(mods, ldap_op, "primaryGroupID", temp);
 	} else {
 		DEBUG(0, ("NO group RID specified on account %s, cannot store!\n", pdb_get_username(sampass)));
 		return False;
 	}
 
-	slprintf(temp, sizeof(temp) - 1, "%i", rid);
-	make_a_mod(mods, ldap_op, "primaryGroupID", temp);
 
 	/* displayName, cn, and gecos should all be the same
 	 *  most easily accomplished by giving them the same OID
 	 *  gecos isn't set here b/c it should be handled by the 
 	 *  add-user script
 	 */
-
-	make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
-	make_a_mod(mods, ldap_op, "cn", pdb_get_fullname(sampass));
-	make_a_mod(mods, ldap_op, "description", pdb_get_acct_desc(sampass));
-	make_a_mod(mods, ldap_op, "userWorkstations", pdb_get_workstations(sampass));
-
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_FULLNAME)) {
+		make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
+		make_a_mod(mods, ldap_op, "cn", pdb_get_fullname(sampass));
+	}
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_ACCTDESC)) {	
+		make_a_mod(mods, ldap_op, "description", pdb_get_acct_desc(sampass));
+	}
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_WORKSTATIONS)) {	
+		make_a_mod(mods, ldap_op, "userWorkstations", pdb_get_workstations(sampass));
+	}
 	/*
 	 * Only updates fields which have been set (not defaults from smb.conf)
 	 */
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_SMBHOME))
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_SMBHOME)) {
 		make_a_mod(mods, ldap_op, "smbHome", pdb_get_homedir(sampass));
-		
-	if (IS_SAM_SET(sampass, FLAG_SAM_DRIVE))
+	}
+			
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_DRIVE)) {
 		make_a_mod(mods, ldap_op, "homeDrive", pdb_get_dir_drive(sampass));
+	}
 	
-	if (IS_SAM_SET(sampass, FLAG_SAM_LOGONSCRIPT))
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_LOGONSCRIPT)) {
 		make_a_mod(mods, ldap_op, "scriptPath", pdb_get_logon_script(sampass));
-
-	if (IS_SAM_SET(sampass, FLAG_SAM_PROFILE))
+	}
+	
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_PROFILE))
 		make_a_mod(mods, ldap_op, "profilePath", pdb_get_profile_path(sampass));
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_LOGONTIME)) {
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_LOGONTIME)) {
 		slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logon_time(sampass));
 		make_a_mod(mods, ldap_op, "logonTime", temp);
 	}
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_LOGOFFTIME)) {
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_LOGOFFTIME)) {
 		slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logoff_time(sampass));
 		make_a_mod(mods, ldap_op, "logoffTime", temp);
 	}
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_KICKOFFTIME)) {
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_KICKOFFTIME)) {
 		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_kickoff_time(sampass));
 		make_a_mod(mods, ldap_op, "kickoffTime", temp);
 	}
 
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_CANCHANGETIME)) {
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_CANCHANGETIME)) {
 		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass));
 		make_a_mod(mods, ldap_op, "pwdCanChange", temp);
 	}
 
-	if (IS_SAM_SET(sampass, FLAG_SAM_MUSTCHANGETIME)) {
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_MUSTCHANGETIME)) {
 		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_must_change_time(sampass));
 		make_a_mod(mods, ldap_op, "pwdMustChange", temp);
 	}
@@ -1009,22 +1028,28 @@ static BOOL init_ldap_from_sam (struct l
 	if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))||
 		(lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) {
 
-		pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
-		make_a_mod (mods, ldap_op, "lmPassword", temp);
-	
-		pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
-		make_a_mod (mods, ldap_op, "ntPassword", temp);
-	
-		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
-		make_a_mod(mods, ldap_op, "pwdLastSet", temp);
-
+		if (IS_SAM_CHANGED(sampass, FLAG_SAM_LMPASSWD)) {
+			pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
+			make_a_mod (mods, ldap_op, "lmPassword", temp);
+		}
+		
+		if (IS_SAM_CHANGED(sampass, FLAG_SAM_NTPASSWD)) {
+			pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
+			make_a_mod (mods, ldap_op, "ntPassword", temp);
+		}
+		
+		if (IS_SAM_CHANGED(sampass, FLAG_SAM_PASSLASTSET)) {
+			slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
+			make_a_mod(mods, ldap_op, "pwdLastSet", temp);
+		}
 	}
 
 	/* FIXME: Hours stuff goes in LDAP  */
-
-	make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
-		NEW_PW_FORMAT_SPACE_PADDED_LEN));
-
+	if (IS_SAM_CHANGED(sampass, FLAG_SAM_ACCTCTRL)) {
+		make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
+			NEW_PW_FORMAT_SPACE_PADDED_LEN));
+	}
+	
 	return True;
 }
 
@@ -1414,6 +1439,7 @@ static NTSTATUS ldapsam_modify_entry(LDA
 #ifdef LDAP_EXOP_X_MODIFY_PASSWD
 	if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))&&
 		(lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_OFF)&&
+		IS_SAM_CHANGED(newpwd, FLAG_SAM_PLAINTEXT_PW)&&
 		(pdb_get_plaintext_passwd(newpwd)!=NULL)) {
 		BerElement *ber;
 		struct berval *bv;
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_nisplus.c HEAD-pdb/source/passdb/pdb_nisplus.c
--- HEAD/source/passdb/pdb_nisplus.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/pdb_nisplus.c	Tue Oct  8 16:07:07 2002
@@ -745,7 +745,7 @@ static BOOL make_sam_from_nisp_object (S
 	/* Don't change these timestamp settings without a good reason.  They are
 	   important for NT member server compatibility. */
 
-	pdb_set_logon_time (pw_buf, (time_t) 0, True);
+	pdb_set_logon_time (pw_buf, (time_t) 0, PDB_DEFAULT);
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_LOGON_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "LNT-", 4) == 0)) {
 		int i;
@@ -758,11 +758,11 @@ static BOOL make_sam_from_nisp_object (S
 		if (i == 8) {
 			pdb_set_logon_time (pw_buf,
 					    (time_t) strtol (ptr, NULL, 16),
-					    True);
+					    PDB_SET);
 		}
 	}
 
-	pdb_set_logoff_time (pw_buf, get_time_t_max (), True);
+	pdb_set_logoff_time (pw_buf, get_time_t_max (), PDB_DEFAULT);
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_LOGOFF_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "LOT-", 4) == 0)) {
 		int i;
@@ -775,11 +775,11 @@ static BOOL make_sam_from_nisp_object (S
 		if (i == 8) {
 			pdb_set_logoff_time (pw_buf,
 					     (time_t) strtol (ptr, NULL, 16),
-					     True);
+					     PDB_SET);
 		}
 	}
 
-	pdb_set_kickoff_time (pw_buf, get_time_t_max (), True);
+	pdb_set_kickoff_time (pw_buf, get_time_t_max (), PDB_DEFAULT);
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_KICK_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "KOT-", 4) == 0)) {
 		int i;
@@ -792,11 +792,11 @@ static BOOL make_sam_from_nisp_object (S
 		if (i == 8) {
 			pdb_set_kickoff_time (pw_buf,
 					      (time_t) strtol (ptr, NULL, 16),
-					      True);
+					      PDB_SET);
 		}
 	}
 
-	pdb_set_pass_last_set_time (pw_buf, (time_t) 0);
+	pdb_set_pass_last_set_time (pw_buf, (time_t) 0, PDB_DEFAULT);
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDLSET_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "LCT-", 4) == 0)) {
 		int i;
@@ -810,11 +810,12 @@ static BOOL make_sam_from_nisp_object (S
 			pdb_set_pass_last_set_time (pw_buf,
 						    (time_t) strtol (ptr,
 								     NULL,
-								     16));
+								     16),
+						     PDB_SET);
 		}
 	}
 
-	pdb_set_pass_can_change_time (pw_buf, (time_t) 0, True);
+	pdb_set_pass_can_change_time (pw_buf, (time_t) 0, PDB_DEFAULT);
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDCCHG_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "CCT-", 4) == 0)) {
 		int i;
@@ -829,11 +830,11 @@ static BOOL make_sam_from_nisp_object (S
 						      (time_t) strtol (ptr,
 								       NULL,
 								       16),
-						      True);
+						      PDB_SET);
 		}
 	}
 
-	pdb_set_pass_must_change_time (pw_buf, get_time_t_max (), True);	/* Password never expires. */
+	pdb_set_pass_must_change_time (pw_buf, get_time_t_max (), PDB_DEFAULT);	/* Password never expires. */
 	ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDMCHG_T);
 	if (ptr && *ptr && (StrnCaseCmp (ptr, "MCT-", 4) == 0)) {
 		int i;
@@ -848,13 +849,13 @@ static BOOL make_sam_from_nisp_object (S
 						       (time_t) strtol (ptr,
 									NULL,
 									16),
-						       True);
+						       PDB_SET);
 		}
 	}
 
 	/* string values */
-	pdb_set_username (pw_buf, ENTRY_VAL (obj, NPF_NAME));
-	pdb_set_domain (pw_buf, lp_workgroup ());
+	pdb_set_username (pw_buf, ENTRY_VAL (obj, NPF_NAME), PDB_SET);
+	pdb_set_domain (pw_buf, lp_workgroup (), PDB_DEFAULT);
 	/* pdb_set_nt_username() -- cant set it here... */
 
 	get_single_attribute (obj, NPF_FULL_NAME, full_name,
@@ -862,27 +863,27 @@ static BOOL make_sam_from_nisp_object (S
 #if 0
 	unix_to_dos (full_name, True);
 #endif
-	pdb_set_fullname (pw_buf, full_name);
+	pdb_set_fullname (pw_buf, full_name, PDB_SET);
 
 	pdb_set_acct_ctrl (pw_buf, pdb_decode_acct_ctrl (ENTRY_VAL (obj,
-								    NPF_ACB)));
+								    NPF_ACB), PDB_SET));
 
 	get_single_attribute (obj, NPF_ACCT_DESC, acct_desc,
 			      sizeof (pstring));
 #if 0
 	unix_to_dos (acct_desc, True);
 #endif
-	pdb_set_acct_desc (pw_buf, acct_desc);
+	pdb_set_acct_desc (pw_buf, acct_desc, PDB_SET);
 
-	pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS));
-	pdb_set_munged_dial (pw_buf, NULL);
+	pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS), PDB_SET);
+	pdb_set_munged_dial (pw_buf, NULL, PDB_DEFAULT);
 
-	pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)));
-	pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)));
+	pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)), PDB_SET);
+	pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)), PDB_SET);
 	pdb_set_user_sid_from_rid (pw_buf,
-				   atoi (ENTRY_VAL (obj, NPF_USER_RID)));
+				   atoi (ENTRY_VAL (obj, NPF_USER_RID)), PDB_SET);
 	pdb_set_group_sid_from_rid (pw_buf,
-				    atoi (ENTRY_VAL (obj, NPF_GROUP_RID)));
+				    atoi (ENTRY_VAL (obj, NPF_GROUP_RID)), PDB_SET);
 
 	/* values, must exist for user */
 	if (!(pdb_get_acct_ctrl (pw_buf) & ACB_WSTRUST)) {
@@ -891,59 +892,60 @@ static BOOL make_sam_from_nisp_object (S
 				      sizeof (pstring));
 		if (!(home_dir && *home_dir)) {
 			pstrcpy (home_dir, lp_logon_home ());
-			pdb_set_homedir (pw_buf, home_dir, False);
+			pdb_set_homedir (pw_buf, home_dir, PDB_DEFAULT);
 		} else
-			pdb_set_homedir (pw_buf, home_dir, True);
+			pdb_set_homedir (pw_buf, home_dir, PDB_SET);
 
 		get_single_attribute (obj, NPF_DIR_DRIVE, home_drive,
 				      sizeof (pstring));
 		if (!(home_drive && *home_drive)) {
 			pstrcpy (home_drive, lp_logon_drive ());
-			pdb_set_dir_drive (pw_buf, home_drive, False);
+			pdb_set_dir_drive (pw_buf, home_drive, PDB_DEFAULT);
 		} else
-			pdb_set_dir_drive (pw_buf, home_drive, True);
+			pdb_set_dir_drive (pw_buf, home_drive, PDB_SET);
 
 		get_single_attribute (obj, NPF_LOGON_SCRIPT, logon_script,
 				      sizeof (pstring));
 		if (!(logon_script && *logon_script)) {
 			pstrcpy (logon_script, lp_logon_script ());
+			pdb_set_logon_script (pw_buf, logon_script, PDB_DEFAULT);
 		} else
-			pdb_set_logon_script (pw_buf, logon_script, True);
+			pdb_set_logon_script (pw_buf, logon_script, PDB_SET);
 
 		get_single_attribute (obj, NPF_PROFILE_PATH, profile_path,
 				      sizeof (pstring));
 		if (!(profile_path && *profile_path)) {
 			pstrcpy (profile_path, lp_logon_path ());
-			pdb_set_profile_path (pw_buf, profile_path, False);
+			pdb_set_profile_path (pw_buf, profile_path, PDB_DEFAULT);
 		} else
-			pdb_set_profile_path (pw_buf, profile_path, True);
+			pdb_set_profile_path (pw_buf, profile_path, PDB_SET);
 
 	} else {
 		/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
-		pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
+		pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
 	}
 
 	/* Check the lanman password column. */
 	ptr = (char *) ENTRY_VAL (obj, NPF_LMPWD);
-	if (!pdb_set_lanman_passwd (pw_buf, NULL))
+	if (!pdb_set_lanman_passwd (pw_buf, NULL, PDB_DEFAULT))
 		return False;
 
 	if (!strncasecmp (ptr, "NO PASSWORD", 11)) {
 		pdb_set_acct_ctrl (pw_buf,
-				   pdb_get_acct_ctrl (pw_buf) | ACB_PWNOTREQ);
+				   pdb_get_acct_ctrl (pw_buf) | ACB_PWNOTREQ, PDB_SET);
 	} else {
 		if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbpwd)) {
 			DEBUG (0, ("malformed LM pwd entry: %s.\n",
 				   pdb_get_username (pw_buf)));
 			return False;
 		}
-		if (!pdb_set_lanman_passwd (pw_buf, smbpwd))
+		if (!pdb_set_lanman_passwd (pw_buf, smbpwd, PDB_SET))
 			return False;
 	}
 
 	/* Check the NT password column. */
 	ptr = ENTRY_VAL (obj, NPF_NTPWD);
-	if (!pdb_set_nt_passwd (pw_buf, NULL))
+	if (!pdb_set_nt_passwd (pw_buf, NULL, PDB_DEFAULT))
 		return False;
 
 	if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) &&
@@ -953,12 +955,12 @@ static BOOL make_sam_from_nisp_object (S
  uid = %d.\n", pdb_get_uid (pw_buf)));
 			return False;
 		}
-		if (!pdb_set_nt_passwd (pw_buf, smbntpwd))
+		if (!pdb_set_nt_passwd (pw_buf, smbntpwd, PDB_SET))
 			return False;
 	}
 
-	pdb_set_unknown_3 (pw_buf, 0xffffff);	/* don't know */
-	pdb_set_logon_divs (pw_buf, 168);	/* hours per week */
+	pdb_set_unknown_3 (pw_buf, 0xffffff, PDB_DEFAULT);	/* don't know */
+	pdb_set_logon_divs (pw_buf, 168, PDB_DEFAULT);	/* hours per week */
 
 	if ((hours_len = ENTRY_LEN (obj, NPF_HOURS)) == 21) {
 		memcpy (hours, ENTRY_VAL (obj, NPF_HOURS), hours_len);
@@ -967,11 +969,11 @@ static BOOL make_sam_from_nisp_object (S
 		/* available at all hours */
 		memset (hours, 0xff, hours_len);
 	}
-	pdb_set_hours_len (pw_buf, hours_len);
-	pdb_set_hours (pw_buf, hours);
+	pdb_set_hours_len (pw_buf, hours_len, PDB_SET);
+	pdb_set_hours (pw_buf, hours, PDB_SET);
 
-	pdb_set_unknown_5 (pw_buf, 0x00020000);	/* don't know */
-	pdb_set_unknown_6 (pw_buf, 0x000004ec);	/* don't know */
+	pdb_set_unknown_5 (pw_buf, 0x00020000, PDB_DEFAULT);	/* don't know */
+	pdb_set_unknown_6 (pw_buf, 0x000004ec, PDB_DEFAULT);	/* don't know */
 
 	return True;
 }
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_smbpasswd.c HEAD-pdb/source/passdb/pdb_smbpasswd.c
--- HEAD/source/passdb/pdb_smbpasswd.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/pdb_smbpasswd.c	Tue Oct  8 16:07:07 2002
@@ -1204,16 +1204,16 @@ static BOOL build_sam_account(struct smb
 	    && (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid) 
 	    && (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
 
-		pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
+		pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid), PDB_SET);
 
 		/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. 
 		   
 		   This was down the bottom for machines, but it looks pretty good as
 		   a general default for non-unix users. --abartlet 2002-01-08
 		*/
-		pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS); 
-		pdb_set_username (sam_pass, pw_buf->smb_name);
-		pdb_set_domain (sam_pass, lp_workgroup());
+		pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS, PDB_SET); 
+		pdb_set_username (sam_pass, pw_buf->smb_name, PDB_SET);
+		pdb_set_domain (sam_pass, lp_workgroup(), PDB_DEFAULT);
 	} else {
 
 		pwfile = getpwnam_alloc(pw_buf->smb_name);
@@ -1229,18 +1229,18 @@ static BOOL build_sam_account(struct smb
 		passwd_free(&pwfile);
 	}
 	
-	pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
-	pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);			
-	pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
-	pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
-	pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, True);
+	pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET);
+	pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET);			
+	pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
+	pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
+	pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
 	
 #if 0	/* JERRY */
 	/* the smbpasswd format doesn't have a must change time field, so
 	   we can't get this right. The best we can do is to set this to 
 	   some time in the future. 21 days seems as reasonable as any other value :) 
 	*/
-	pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE);
+	pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE, PDB_DEFAULT);
 #endif
 	return True;
 }
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_tdb.c HEAD-pdb/source/passdb/pdb_tdb.c
--- HEAD/source/passdb/pdb_tdb.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/passdb/pdb_tdb.c	Tue Oct  8 16:07:07 2002
@@ -163,28 +163,28 @@ static BOOL init_sam_from_buffer (struct
 		uid = pw->pw_uid;
 		gid = pw->pw_gid;
 		
-		pdb_set_unix_homedir(sampass, pw->pw_dir);
+		pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
 
 		passwd_free(&pw);
 
-		pdb_set_uid(sampass, uid);
-		pdb_set_gid(sampass, gid);
+		pdb_set_uid(sampass, uid, PDB_SET);
+		pdb_set_gid(sampass, gid, PDB_SET);
 	}
 
-	pdb_set_logon_time(sampass, logon_time, True);
-	pdb_set_logoff_time(sampass, logoff_time, True);
-	pdb_set_kickoff_time(sampass, kickoff_time, True);
-	pdb_set_pass_can_change_time(sampass, pass_can_change_time, True);
-	pdb_set_pass_must_change_time(sampass, pass_must_change_time, True);
-	pdb_set_pass_last_set_time(sampass, pass_last_set_time);
-
-	pdb_set_username     (sampass, username); 
-	pdb_set_domain       (sampass, domain);
-	pdb_set_nt_username  (sampass, nt_username);
-	pdb_set_fullname     (sampass, fullname);
+	pdb_set_logon_time(sampass, logon_time, PDB_SET);
+	pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
+	pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
+	pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
+	pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
+	pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
+
+	pdb_set_username     (sampass, username, PDB_SET); 
+	pdb_set_domain       (sampass, domain, PDB_SET);
+	pdb_set_nt_username  (sampass, nt_username, PDB_SET);
+	pdb_set_fullname     (sampass, fullname, PDB_SET);
 
 	if (homedir) {
-		pdb_set_homedir(sampass, homedir, True);
+		pdb_set_homedir(sampass, homedir, PDB_SET);
 	}
 	else {
 		pdb_set_homedir(sampass, 
@@ -192,69 +192,69 @@ static BOOL init_sam_from_buffer (struct
 						       lp_logon_home(),
 						       username, domain, 
 						       uid, gid),
-				False);
+				PDB_DEFAULT);
 	}
 
 	if (dir_drive) 	
-		pdb_set_dir_drive(sampass, dir_drive, True);
+		pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
 	else {
 		pdb_set_dir_drive(sampass, 
 				  talloc_sub_specified(sampass->mem_ctx, 
 							 lp_logon_drive(),
 							 username, domain, 
 							 uid, gid),
-				  False);
+				  PDB_DEFAULT);
 	}
 
 	if (logon_script) 
-		pdb_set_logon_script(sampass, logon_script, True);
+		pdb_set_logon_script(sampass, logon_script, PDB_SET);
 	else {
 		pdb_set_logon_script(sampass, 
 				     talloc_sub_specified(sampass->mem_ctx, 
 							    lp_logon_script(),
 							    username, domain, 
 							    uid, gid),
-				  False);
+				  PDB_DEFAULT);
 	}
 	
 	if (profile_path) {	
-		pdb_set_profile_path(sampass, profile_path, True);
+		pdb_set_profile_path(sampass, profile_path, PDB_SET);
 	} else {
 		pdb_set_profile_path(sampass, 
 				     talloc_sub_specified(sampass->mem_ctx, 
 							    lp_logon_path(),
 							    username, domain, 
 							    uid, gid),
-				     False);
+				     PDB_DEFAULT);
 	}
 
-	pdb_set_acct_desc    (sampass, acct_desc);
-	pdb_set_workstations (sampass, workstations);
-	pdb_set_munged_dial  (sampass, munged_dial);
+	pdb_set_acct_desc    (sampass, acct_desc, PDB_SET);
+	pdb_set_workstations (sampass, workstations, PDB_SET);
+	pdb_set_munged_dial  (sampass, munged_dial, PDB_SET);
 
 	if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) {
-		if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr)) {
+		if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) {
 			ret = False;
 			goto done;
 		}
 	}
 
 	if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) {
-		if (!pdb_set_nt_passwd(sampass, nt_pw_ptr)) {
+		if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) {
 			ret = False;
 			goto done;
 		}
 	}
 
-	pdb_set_user_sid_from_rid(sampass, user_rid);
-	pdb_set_group_sid_from_rid(sampass, group_rid);
-	pdb_set_unknown_3(sampass, unknown_3);
-	pdb_set_hours_len(sampass, hours_len);
-	pdb_set_unknown_5(sampass, unknown_5);
-	pdb_set_unknown_6(sampass, unknown_6);
-	pdb_set_acct_ctrl(sampass, acct_ctrl);
-	pdb_set_logon_divs(sampass, logon_divs);
-	pdb_set_hours(sampass, hours);
+	pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
+	pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
+	pdb_set_unknown_3(sampass, unknown_3, PDB_SET);
+	pdb_set_hours_len(sampass, hours_len, PDB_SET);
+	pdb_set_unknown_5(sampass, unknown_5, PDB_SET);
+	pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
+	pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
+	pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
+	pdb_set_hours(sampass, hours, PDB_SET);
 
 done:
 
@@ -421,12 +421,12 @@ static uint32 init_buffer_from_sam (stru
 		lm_pw_len, lm_pw,
 		nt_pw_len, nt_pw,
 		pdb_get_acct_ctrl(sampass),
-		pdb_get_unknown3(sampass),
+		pdb_get_unknown_3(sampass),
 		pdb_get_logon_divs(sampass),
 		pdb_get_hours_len(sampass),
 		MAX_HOURS_LEN, pdb_get_hours(sampass),
-		pdb_get_unknown5(sampass),
-		pdb_get_unknown6(sampass));
+		pdb_get_unknown_5(sampass),
+		pdb_get_unknown_6(sampass));
 
 
 	/* malloc the space needed */
@@ -460,12 +460,12 @@ static uint32 init_buffer_from_sam (stru
 		lm_pw_len, lm_pw,
 		nt_pw_len, nt_pw,
 		pdb_get_acct_ctrl(sampass),
-		pdb_get_unknown3(sampass),
+		pdb_get_unknown_3(sampass),
 		pdb_get_logon_divs(sampass),
 		pdb_get_hours_len(sampass),
 		MAX_HOURS_LEN, pdb_get_hours(sampass),
-		pdb_get_unknown5(sampass),
-		pdb_get_unknown6(sampass));
+		pdb_get_unknown_5(sampass),
+		pdb_get_unknown_6(sampass));
 	
 	
 	/* check to make sure we got it correct */
@@ -781,7 +781,7 @@ static BOOL tdb_update_sam(struct pdb_me
 						goto done;
 					}
 				}
-				pdb_set_user_sid_from_rid(newpwd, user_rid);
+				pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
 			} else {
 				user_rid = tdb_state->low_nua_rid;
 				tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
@@ -794,7 +794,7 @@ static BOOL tdb_update_sam(struct pdb_me
 					ret = False;
 					goto done;
 				}
-				pdb_set_user_sid_from_rid(newpwd, user_rid);
+				pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
 			}
 		} else {
 			DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
@@ -811,7 +811,7 @@ static BOOL tdb_update_sam(struct pdb_me
 				goto done;
 			} else {
 				/* This seems like a good default choice for non-unix users */
-				pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS);
+				pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
 			}
 		} else {
 			DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/rpc_parse/parse_samr.c HEAD-pdb/source/rpc_parse/parse_samr.c
--- HEAD/source/rpc_parse/parse_samr.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/rpc_parse/parse_samr.c	Tue Oct  8 16:07:07 2002
@@ -6061,11 +6061,11 @@ NTSTATUS init_sam_user_info21A(SAM_USER_
 	usr->user_rid  = user_rid;
 	usr->group_rid = group_rid;
 	usr->acb_info  = pdb_get_acct_ctrl(pw);
-	usr->unknown_3 = pdb_get_unknown3(pw);
+	usr->unknown_3 = pdb_get_unknown_3(pw);
 
 	usr->logon_divs = pdb_get_logon_divs(pw); 
 	usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0;
-	usr->unknown_5 = pdb_get_unknown5(pw); /* 0x0002 0000 */
+	usr->unknown_5 = pdb_get_unknown_5(pw); /* 0x0002 0000 */
 
 	if (pdb_get_pass_must_change_time(pw) == 0) {
 		usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
@@ -6088,7 +6088,7 @@ NTSTATUS init_sam_user_info21A(SAM_USER_
 	init_unistr2(&usr->uni_unknown_str, NULL, len_unknown_str);
 	init_unistr2(&usr->uni_munged_dial, munged_dial, len_munged_dial);
 
-	usr->unknown_6 = pdb_get_unknown6(pw);
+	usr->unknown_6 = pdb_get_unknown_6(pw);
 	usr->padding4 = 0;
 
 	if (pdb_get_hours(pw)) {
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/rpc_server/srv_netlog_nt.c HEAD-pdb/source/rpc_server/srv_netlog_nt.c
--- HEAD/source/rpc_server/srv_netlog_nt.c	Mon Sep 23 20:33:28 2002
+++ HEAD-pdb/source/rpc_server/srv_netlog_nt.c	Tue Oct  8 16:07:07 2002
@@ -433,12 +433,12 @@ NTSTATUS _net_srv_pwset(pipes_struct *p,
 	cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0);
 
 	/* lies!  nt and lm passwords are _not_ the same: don't care */
-	if (!pdb_set_lanman_passwd (sampass, pwd)) {
+	if (!pdb_set_lanman_passwd (sampass, pwd, PDB_CHANGED)) {
 		pdb_free_sam(&sampass);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_nt_passwd     (sampass, pwd)) {
+	if (!pdb_set_nt_passwd     (sampass, pwd, PDB_CHANGED)) {
 		pdb_free_sam(&sampass);
 		return NT_STATUS_NO_MEMORY;
 	}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/rpc_server/srv_samr_nt.c HEAD-pdb/source/rpc_server/srv_samr_nt.c
--- HEAD/source/rpc_server/srv_samr_nt.c	Tue Oct  8 17:32:37 2002
+++ HEAD-pdb/source/rpc_server/srv_samr_nt.c	Tue Oct  8 17:34:44 2002
@@ -205,8 +205,8 @@ static void samr_clear_sam_passwd(SAM_AC
 
 	/* These now zero out the old password */
 
-	pdb_set_lanman_passwd(sam_pass, NULL);
-	pdb_set_nt_passwd(sam_pass, NULL);
+	pdb_set_lanman_passwd(sam_pass, NULL, PDB_DEFAULT);
+	pdb_set_nt_passwd(sam_pass, NULL, PDB_DEFAULT);
 }
 
 
@@ -2288,13 +2288,13 @@ NTSTATUS _api_samr_create_user(pipes_str
 			return nt_status;
 		}
 		
-		if (!pdb_set_username(sam_pass, account)) {
+		if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) {
 			pdb_free_sam(&sam_pass);
 			return NT_STATUS_NO_MEMORY;
 		}
 	}
 
- 	pdb_set_acct_ctrl(sam_pass, acb_info);
+ 	pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
  
  	if (!pdb_add_sam_account(sam_pass)) {
  		pdb_free_sam(&sam_pass);
@@ -2675,8 +2675,9 @@ static BOOL set_user_info_10(const SAM_U
 		pdb_free_sam(&pwd);
 		return False;
 	}
-
-	if (!pdb_set_acct_ctrl(pwd, id10->acb_info)) {
+	
+	/* FIX ME: check if the value is really changed --metze */
+	if (!pdb_set_acct_ctrl(pwd, id10->acb_info, PDB_CHANGED)) {
 		pdb_free_sam(&pwd);
 		return False;
 	}
@@ -2712,11 +2713,11 @@ static BOOL set_user_info_12(SAM_USER_IN
 		return False;
 	}
  
-	if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd)) {
+	if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd, PDB_CHANGED)) {
 		pdb_free_sam(&pwd);
 		return False;
 	}
-	if (!pdb_set_nt_passwd     (pwd, id12->nt_pwd)) {
+	if (!pdb_set_nt_passwd     (pwd, id12->nt_pwd, PDB_CHANGED)) {
 		pdb_free_sam(&pwd);
 		return False;
 	}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/rpc_server/srv_samr_util.c HEAD-pdb/source/rpc_server/srv_samr_util.c
--- HEAD/source/rpc_server/srv_samr_util.c	Fri Sep 27 07:40:04 2002
+++ HEAD-pdb/source/rpc_server/srv_samr_util.c	Tue Oct  8 16:07:07 2002
@@ -47,14 +47,14 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_logon_time(to);
 		DEBUG(10,("INFO_21 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_logon_time(to, unix_time, True);
+			pdb_set_logon_time(to, unix_time, PDB_CHANGED);
 	}	
 	if (!nt_time_is_zero(&from->logoff_time)) {
 		unix_time=nt_time_to_unix(&from->logoff_time);
 		stored_time = pdb_get_logoff_time(to);
 		DEBUG(10,("INFO_21 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_logoff_time(to, unix_time, True);
+			pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
 	}
 	
 	if (!nt_time_is_zero(&from->kickoff_time)) {
@@ -62,7 +62,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_kickoff_time(to);
 		DEBUG(10,("INFO_21 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_kickoff_time(to, unix_time , True);
+			pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
 	}	
 
 	if (!nt_time_is_zero(&from->pass_can_change_time)) {
@@ -70,14 +70,14 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_pass_can_change_time(to);
 		DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_can_change_time(to, unix_time, True);
+			pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
 	}
 	if (!nt_time_is_zero(&from->pass_last_set_time)) {
 		unix_time=nt_time_to_unix(&from->pass_last_set_time);
 		stored_time = pdb_get_pass_last_set_time(to);
 		DEBUG(10,("INFO_21 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_last_set_time(to, unix_time);
+			pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
 	}
 
 	if (!nt_time_is_zero(&from->pass_must_change_time)) {
@@ -85,7 +85,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		stored_time=pdb_get_pass_must_change_time(to);
 		DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_must_change_time(to, unix_time, True);
+			pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
 	}
 
 	/* Backend should check this for sainity */
@@ -94,7 +94,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_user_name);
 		DEBUG(10,("INFO_21 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
 		if (STRING_CHANGED)
-		    pdb_set_username(to      , new_string);
+		    pdb_set_username(to      , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_full_name.buffer) {
@@ -102,7 +102,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_user_name);
 		DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_fullname(to      , new_string);
+			pdb_set_fullname(to      , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_home_dir.buffer) {
@@ -110,7 +110,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_home_dir);
 		DEBUG(10,("INFO_21 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_homedir(to       , new_string, True);
+			pdb_set_homedir(to       , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_dir_drive.buffer) {
@@ -118,7 +118,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_dir_drive);
 		DEBUG(10,("INFO_21 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_dir_drive(to     , new_string, True);
+			pdb_set_dir_drive(to     , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_logon_script.buffer) {
@@ -126,7 +126,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_logon_script);
 		DEBUG(10,("INFO_21 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_logon_script(to  , new_string, True);
+			pdb_set_logon_script(to  , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_profile_path.buffer) {
@@ -134,7 +134,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_profile_path);
 		DEBUG(10,("INFO_21 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_profile_path(to  , new_string, True);
+			pdb_set_profile_path(to  , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_acct_desc.buffer) {
@@ -142,7 +142,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_acct_desc);
 		DEBUG(10,("INFO_21 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_acct_desc(to     , new_string);
+			pdb_set_acct_desc(to     , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_workstations.buffer) {
@@ -150,7 +150,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_workstations);
 		DEBUG(10,("INFO_21 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_workstations(to  , new_string);
+			pdb_set_workstations(to  , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_unknown_str.buffer) {
@@ -158,7 +158,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_unknown_str);
 		DEBUG(10,("INFO_21 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_unknown_str(to   , new_string);
+			pdb_set_unknown_str(to   , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_munged_dial.buffer) {
@@ -166,40 +166,53 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_munged_dial);
 		DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_munged_dial(to   , new_string);
+			pdb_set_munged_dial(to   , new_string, PDB_CHANGED);
 	}
 	
 	if (from->user_rid) {
 		DEBUG(10,("INFO_21 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
 		/* we really allow this ??? metze */
-		/* pdb_set_user_sid_from_rid(to, from->user_rid);*/
+		/* pdb_set_user_sid_from_rid(to, from->user_rid, PDB_CHANGED);*/
 	}
 	
 	if (from->group_rid) {
 		DEBUG(10,("INFO_21 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
-		pdb_set_group_sid_from_rid(to, from->group_rid);
+		pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
 	}
 	
 	DEBUG(10,("INFO_21 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
-	pdb_set_acct_ctrl(to, from->acb_info);
+	if (from->acb_info != pdb_get_acct_ctrl(to)) {
+		pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
+	}
 
-	DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown3(to),from->unknown_3));
-	pdb_set_unknown_3(to, from->unknown_3);
-	
+	DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
+	if (from->unknown_3 != pdb_get_unknown_3(to)) {
+		pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED);
+	}
 
 	DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
-	pdb_set_logon_divs(to, from->logon_divs);
+	if (from->logon_divs != pdb_get_logon_divs(to)) {
+		pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
+	}
 
 	DEBUG(15,("INFO_21 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
-	pdb_set_hours_len(to, from->logon_hrs.len);
+	if (from->logon_hrs.len != pdb_get_hours_len(to)) {
+		pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
+	}
+
 	DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
-	pdb_set_hours(to, from->logon_hrs.hours);
+/* Fix me: only update if it changes --metze */
+	pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
 
-	DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown5(to),from->unknown_5));
-	pdb_set_unknown_5(to, from->unknown_5);
+	DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
+	if (from->unknown_5 != pdb_get_unknown_5(to)) {
+		pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
+	}
 
-	DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown6(to),from->unknown_6));
-	pdb_set_unknown_6(to, from->unknown_6);
+	DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
+	if (from->unknown_6 != pdb_get_unknown_6(to)) {
+		pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
+	}
 
 	DEBUG(10,("INFO_21 PADDING1 %02X %02X %02X %02X %02X %02X\n",
 		  from->padding1[0],
@@ -211,7 +224,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT
 
 	DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
 	if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-		pdb_set_pass_must_change_time(to,0, True);		
+		pdb_set_pass_must_change_time(to,0, PDB_CHANGED);		
 	}
 
 	DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2));
@@ -236,14 +249,14 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_logon_time(to);
 		DEBUG(10,("INFO_23 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_logon_time(to, unix_time, True);
+			pdb_set_logon_time(to, unix_time, PDB_CHANGED);
 	}	
 	if (!nt_time_is_zero(&from->logoff_time)) {
 		unix_time=nt_time_to_unix(&from->logoff_time);
 		stored_time = pdb_get_logoff_time(to);
 		DEBUG(10,("INFO_23 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_logoff_time(to, unix_time, True);
+			pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
 	}
 	
 	if (!nt_time_is_zero(&from->kickoff_time)) {
@@ -251,7 +264,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_kickoff_time(to);
 		DEBUG(10,("INFO_23 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_kickoff_time(to, unix_time , True);
+			pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
 	}	
 
 	if (!nt_time_is_zero(&from->pass_can_change_time)) {
@@ -259,14 +272,14 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		stored_time = pdb_get_pass_can_change_time(to);
 		DEBUG(10,("INFO_23 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_can_change_time(to, unix_time, True);
+			pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
 	}
 	if (!nt_time_is_zero(&from->pass_last_set_time)) {
 		unix_time=nt_time_to_unix(&from->pass_last_set_time);
 		stored_time = pdb_get_pass_last_set_time(to);
 		DEBUG(10,("INFO_23 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_last_set_time(to, unix_time);
+			pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
 	}
 
 	if (!nt_time_is_zero(&from->pass_must_change_time)) {
@@ -274,7 +287,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		stored_time=pdb_get_pass_must_change_time(to);
 		DEBUG(10,("INFO_23 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
 		if (stored_time != unix_time) 
-			pdb_set_pass_must_change_time(to, unix_time, True);
+			pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
 	}
 
 	/* Backend should check this for sainity */
@@ -283,7 +296,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_user_name);
 		DEBUG(10,("INFO_23 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
 		if (STRING_CHANGED)
-		    pdb_set_username(to      , new_string);
+		    pdb_set_username(to      , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_full_name.buffer) {
@@ -291,7 +304,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_user_name);
 		DEBUG(10,("INFO_23 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_fullname(to      , new_string);
+			pdb_set_fullname(to      , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_home_dir.buffer) {
@@ -299,7 +312,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_home_dir);
 		DEBUG(10,("INFO_23 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_homedir(to       , new_string, True);
+			pdb_set_homedir(to       , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_dir_drive.buffer) {
@@ -307,7 +320,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_dir_drive);
 		DEBUG(10,("INFO_23 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_dir_drive(to     , new_string, True);
+			pdb_set_dir_drive(to     , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_logon_script.buffer) {
@@ -315,7 +328,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_logon_script);
 		DEBUG(10,("INFO_23 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_logon_script(to  , new_string, True);
+			pdb_set_logon_script(to  , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_profile_path.buffer) {
@@ -323,7 +336,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_profile_path);
 		DEBUG(10,("INFO_23 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_profile_path(to  , new_string, True);
+			pdb_set_profile_path(to  , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_acct_desc.buffer) {
@@ -331,7 +344,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_acct_desc);
 		DEBUG(10,("INFO_23 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
 		if (STRING_CHANGED)
-			pdb_set_acct_desc(to     , new_string);
+			pdb_set_acct_desc(to     , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_workstations.buffer) {
@@ -339,7 +352,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_workstations);
 		DEBUG(10,("INFO_23 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_workstations(to  , new_string);
+			pdb_set_workstations(to  , new_string, PDB_CHANGED);
 	}
 
 	if (from->hdr_unknown_str.buffer) {
@@ -347,7 +360,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_unknown_str);
 		DEBUG(10,("INFO_23 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_unknown_str(to   , new_string);
+			pdb_set_unknown_str(to   , new_string, PDB_CHANGED);
 	}
 	
 	if (from->hdr_munged_dial.buffer) {
@@ -355,40 +368,53 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 		new_string = pdb_unistr2_convert(&from->uni_munged_dial);
 		DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
 		if (STRING_CHANGED)
-			pdb_set_munged_dial(to   , new_string);
+			pdb_set_munged_dial(to   , new_string, PDB_CHANGED);
 	}
 	
 	if (from->user_rid) {
 		DEBUG(10,("INFO_23 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
 		/* we really allow this ??? metze */
-		/* pdb_set_user_sid_from_rid(to, from->user_rid);*/
+		/* pdb_set_user_sid_from_rid(to, from->user_rid, PDB_CHANGED);*/
 	}
 	
 	if (from->group_rid) {
 		DEBUG(10,("INFO_23 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
-		pdb_set_group_sid_from_rid(to, from->group_rid);
+		pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
 	}
 	
 	DEBUG(10,("INFO_23 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
-	pdb_set_acct_ctrl(to, from->acb_info);
+	if (from->acb_info != pdb_get_acct_ctrl(to)) {
+		pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
+	}
 
-	DEBUG(10,("INFO_23 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown3(to),from->unknown_3));
-	pdb_set_unknown_3(to, from->unknown_3);
-	
+	DEBUG(10,("INFO_23 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
+	if (from->unknown_3 != pdb_get_unknown_3(to)) {
+		pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED);
+	}
 
 	DEBUG(15,("INFO_23 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
-	pdb_set_logon_divs(to, from->logon_divs);
+	if (from->logon_divs != pdb_get_logon_divs(to)) {
+		pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
+	}
 
 	DEBUG(15,("INFO_23 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
-	pdb_set_hours_len(to, from->logon_hrs.len);
+	if (from->logon_hrs.len != pdb_get_hours_len(to)) {
+		pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
+	}
+
 	DEBUG(15,("INFO_23 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
-	pdb_set_hours(to, from->logon_hrs.hours);
+/* Fix me: only update if it changes --metze */
+	pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
 
-	DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown5(to),from->unknown_5));
-	pdb_set_unknown_5(to, from->unknown_5);
+	DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
+	if (from->unknown_5 != pdb_get_unknown_5(to)) {
+		pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
+	}
 
-	DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown6(to),from->unknown_6));
-	pdb_set_unknown_6(to, from->unknown_6);
+	DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
+	if (from->unknown_6 != pdb_get_unknown_6(to)) {
+		pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
+	}
 
 	DEBUG(10,("INFO_23 PADDING1 %02X %02X %02X %02X %02X %02X\n",
 		  from->padding1[0],
@@ -400,7 +426,7 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT
 
 	DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
 	if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-		pdb_set_pass_must_change_time(to,0, True);		
+		pdb_set_pass_must_change_time(to,0, PDB_CHANGED);		
 	}
 
 	DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2));
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/smbd/chgpasswd.c HEAD-pdb/source/smbd/chgpasswd.c
--- HEAD/source/smbd/chgpasswd.c	Mon Jul 29 06:34:57 2002
+++ HEAD-pdb/source/smbd/chgpasswd.c	Tue Oct  8 16:07:07 2002
@@ -707,11 +707,11 @@ BOOL change_lanman_password(SAM_ACCOUNT 
 		D_P16(pwd, pass2, unenc_new_pw);
 	}
 
-	if (!pdb_set_lanman_passwd(sampass, unenc_new_pw)) {
+	if (!pdb_set_lanman_passwd(sampass, unenc_new_pw, PDB_CHANGED)) {
 		return False;
 	}
 
-	if (!pdb_set_nt_passwd    (sampass, NULL)) {
+	if (!pdb_set_nt_passwd    (sampass, NULL, PDB_CHANGED)) {
 		return False;	/* We lose the NT hash. Sorry. */
 	}
 
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/smbd/password.c HEAD-pdb/source/smbd/password.c
--- HEAD/source/smbd/password.c	Sat Sep  7 18:02:02 2002
+++ HEAD-pdb/source/smbd/password.c	Tue Oct  8 16:07:07 2002
@@ -134,7 +134,7 @@ int register_vuid(auth_serversupplied_in
 	 * the new real sam db won't have reference to unix uids or gids
 	 */
 	if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
-		DEBUG(0,("Attempted session setup with invalid user.  No uid/gid in SAM_ACCOUNT (flags:%x)\n", pdb_get_init_flag(server_info->sam_account)));
+		DEBUG(0,("Attempted session setup with invalid user.  No uid/gid in SAM_ACCOUNT\n"));
 		free(vuser);
 		return UID_FIELD_INVALID;
 	}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/utils/net_rpc_samsync.c HEAD-pdb/source/utils/net_rpc_samsync.c
--- HEAD/source/utils/net_rpc_samsync.c	Fri Oct  4 08:06:23 2002
+++ HEAD-pdb/source/utils/net_rpc_samsync.c	Tue Oct  8 16:07:07 2002
@@ -199,62 +199,62 @@ sam_account_from_delta(SAM_ACCOUNT *acco
 	   desc, workstations, profile. */
 
 	unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1);
-	pdb_set_nt_username(account, s);
+	pdb_set_nt_username(account, s, PDB_CHANGED);
 
 	/* Unix username is the same - for sainity */
-	pdb_set_username(account, s);
+	pdb_set_username(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1);
-	pdb_set_fullname(account, s);
+	pdb_set_fullname(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1);
-	pdb_set_homedir(account, s, True);
+	pdb_set_homedir(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1);
-	pdb_set_dir_drive(account, s, True);
+	pdb_set_dir_drive(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1);
-	pdb_set_logon_script(account, s, True);
+	pdb_set_logon_script(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1);
-	pdb_set_acct_desc(account, s);
+	pdb_set_acct_desc(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1);
-	pdb_set_workstations(account, s);
+	pdb_set_workstations(account, s, PDB_CHANGED);
 
 	unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1);
-	pdb_set_profile_path(account, s, True);
+	pdb_set_profile_path(account, s, PDB_CHANGED);
 
 	/* User and group sid */
 
-	pdb_set_user_sid_from_rid(account, delta->user_rid);
-	pdb_set_group_sid_from_rid(account, delta->group_rid);
+	pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED);
+	pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED);
 
 	/* Logon and password information */
 
-	pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True);
+	pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), PDB_CHANGED);
 	pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time),
-			    True);
-	pdb_set_logon_divs(account, delta->logon_divs);
+			    PDB_CHANGED);
+	pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED);
 
 	/* TODO: logon hours */
 	/* TODO: bad password count */
 	/* TODO: logon count */
 
 	pdb_set_pass_last_set_time(
-		account, nt_time_to_unix(&delta->pwd_last_set_time));
+		account, nt_time_to_unix(&delta->pwd_last_set_time), PDB_CHANGED);
 
-	pdb_set_kickoff_time(account, get_time_t_max(), True);
+	pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED);
 
 	/* Decode hashes from password hash */
 	sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0);
 	sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0);
-	pdb_set_nt_passwd(account, nt_passwd);
-	pdb_set_lanman_passwd(account, lm_passwd);
+	pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
+	pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
 
 	/* TODO: account expiry time */
 
-	pdb_set_acct_ctrl(account, delta->acb_info);
+	pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED);
 	return NT_STATUS_OK;
 }
 
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/utils/pdbedit.c HEAD-pdb/source/utils/pdbedit.c
--- HEAD/source/utils/pdbedit.c	Sun Oct  6 16:29:39 2002
+++ HEAD-pdb/source/utils/pdbedit.c	Tue Oct  8 16:07:07 2002
@@ -247,15 +247,15 @@ static int set_user_info (struct pdb_con
 	}
 	
 	if (fullname)
-		pdb_set_fullname(sam_pwent, fullname);
+		pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
 	if (homedir)
-		pdb_set_homedir(sam_pwent, homedir, True);
+		pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
 	if (drive)
-		pdb_set_dir_drive(sam_pwent,drive, True);
+		pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED);
 	if (script)
-		pdb_set_logon_script(sam_pwent, script, True);
+		pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
 	if (profile)
-		pdb_set_profile_path (sam_pwent, profile, True);
+		pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
 	
 	if (NT_STATUS_IS_OK(in->pdb_update_sam_account (in, sam_pwent)))
 		print_user_info (in, username, True, False);
@@ -285,7 +285,7 @@ static int new_user (struct pdb_context 
 	} else {
 		fprintf (stderr, "WARNING: user %s does not exist in system passwd\n", username);
 		pdb_init_sam(&sam_pwent);
-		if (!pdb_set_username(sam_pwent, username)) {
+		if (!pdb_set_username(sam_pwent, username, PDB_CHANGED)) {
 			return False;
 		}
 	}
@@ -313,17 +313,17 @@ static int new_user (struct pdb_context 
 	SAFE_FREE(password2);
 
 	if (fullname)
-		pdb_set_fullname(sam_pwent, fullname);
+		pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
 	if (homedir)
-		pdb_set_homedir (sam_pwent, homedir, True);
+		pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED);
 	if (drive)
-		pdb_set_dir_drive (sam_pwent, drive, True);
+		pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED);
 	if (script)
-		pdb_set_logon_script(sam_pwent, script, True);
+		pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
 	if (profile)
-		pdb_set_profile_path (sam_pwent, profile, True);
+		pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
 	
-	pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL);
+	pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED);
 	
 	if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) { 
 		print_user_info (in, username, True, False);
@@ -361,11 +361,11 @@ static int new_machine (struct pdb_conte
 	
 	pdb_set_plaintext_passwd (sam_pwent, password);
 
-	pdb_set_username (sam_pwent, name);
+	pdb_set_username (sam_pwent, name, PDB_CHANGED);
 	
-	pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
+	pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED);
 	
-	pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
+	pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS, PDB_CHANGED);
 	
 	if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) {
 		print_user_info (in, name, True, False);


More information about the samba-technical mailing list