Moving a domain

Richard Sharpe rsharpe at
Sun Feb 2 18:36:10 GMT 2003

On Sun, 2 Feb 2003, Tom Alsberg wrote:

> Now this is a little mess when moving to a different server.  I
> decided to try out the common way, and gave a CNAME alias cifserver to
> the new machine, and running nmbd on it with the -n flag (-n
> CIFSERVER) to use that NetBIOS name as well (the domain name is now

When smbd starts (and this includes at least 2.2.3, I believe, and beyond 
to 3.0.x), it checks to see if there is a SID in the secrets file with the 
key SECRET/SID/<UCNBNAME> where UCNBNAME is the uppercase NetBIOS name.

If one does not exist, it will create a new random SID, set the machine 
SID to that, and then set the domain SID to that! If the SID changes, even 
if you have preserved the trust accounts and their current passwords, 
Windows will complain that the SID is inconsistent with what it had when 
it joined.

The SID for the old machine name is still in the secrets file, and you can 
use tdbdump to find the keys, and thus the old machine name if you need 

This is relevant to your questions below.
> The question is - if any of you had experience, or theoretical facts
> and ideas of - would this work?  For users who only use it as a file
> and print server, it most probably would.  But as a domain controller
> - the clients remember a few things, and the server remembers a few
> things.
> The SID and secrets files should probably be copied...  But then,
> should clients who are already in the domain be able to continue using
> it, without leaving and re-joining it?

You probably only really need the secrets file and the smbpasswd or 
whatever passwd database you are using for Windows accounts.

If the NetBIOS name changes, you have a couple of choices, as outlined at As soon as Samba 2.2.8 ships you will retrieve the 
old SID and re-establish that as the machine SID for your Samba server and 
the domain SID. You can already do that with the net command for Samba 


Richard Sharpe, rsharpe[at], rsharpe[at], 

More information about the samba-technical mailing list