[Samba] A PDC migration postmortem (and SIDs Novell-style)

John H Terpstra jht at samba.org
Thu Sep 11 19:41:28 GMT 2003

On Thu, 11 Sep 2003, Dan Gapinski wrote:

> Hello,
> I just migrated a Samba PDC from one computer to another without too much
> complaining from Samba itself, but had to rejoin my computers (fortunately
> this is a small office) to the domain thereafter, which caused a little
> problem in getting the profiles back to where they were supposed to be.
> (Windows, not seeing the proper domain, cannot copy the profile in the
> profile manager, listing the old domain profiles as "Account Deleted").
> My question is:
> 1) Aside from having the forethought to offload the previous profiles to a
> temp area, was there any way I could have recreated the client account
> database to rejoin automatically? And is the SID tied directly to the PDC's
> hostname?

The change of hostname will have changed the SID. Had you saved the SID
first, you could restore it and then all your profiles should work
correctly again. The domain SID is stored in the profile NTUser.DAT files.

> 2) Is there any way to have Samba ignore the workstation SID as Novell does,
> which could be a help in this case as well as when an admin might wish to
> clone a whole batch of PC's?


But you can recover the SID from the profile NTUser.DAT file using the
'profiles' tool that is part of Samba-3. You will need to compile it
separately. Then use it to list the security descriptors. Alternatively
you may be able to find the SID using the 'editreg' tool.

Once you find the domain SID you can record it and then use the 'net' tool
to reset the domain SID.

Of course, if you have already rejoined your clients to the domain, then
after you revert the domain SID you will have to go through the re-joining
process again. :(

- John T.
John H Terpstra
Email: jht at samba.org
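
As an added example (not part of the original thread and not Samba project code): a shell helper that recovers the domain SID from a text listing of a profile's security descriptors, by stripping the RID from each account SID and taking the prefix most of them share. The dump layout, the SIDs and the function names are constructed for illustration; `net getlocalsid` and `net setlocalsid` are the Samba `net` subcommands for reading and resetting the SID.

```shell
#!/bin/sh
# Added example: recover a domain SID from text that lists account SIDs,
# e.g. a security-descriptor dump taken from NTUSER.DAT.

# Constructed sample input (not real tool output; all SIDs are made up).
sample_dump() {
cat <<'EOF'
key: \Software          owner: S-1-5-32-544
  ace: allow S-1-5-21-1111111111-2222222222-3333333333-1005 full
  ace: allow S-1-5-18 full
  ace: allow S-1-5-21-1111111111-2222222222-3333333333-512 full
key: \Software\Example  owner: S-1-5-21-1111111111-2222222222-3333333333-1005
  ace: allow S-1-5-21-4444444444-5555555555-6666666666-500 read
  ace: allow S-1-1-0 read
EOF
}

# True if $1 is a bare domain SID: S-1-5-21 plus three sub-authorities.
is_domain_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21(-[0-9]+){3}$'
}

# Read text on stdin, print the domain SID that most account SIDs share.
# Account SIDs are S-1-5-21-<a>-<b>-<c>-<RID>; well-known SIDs such as
# S-1-5-18 or S-1-5-32-544 do not match the pattern and are ignored.
# A stray SID from another machine or domain loses the majority vote.
domain_sid_from_dump() {
    grep -Eo 'S-1-5-21(-[0-9]+){4}' |
        sed -E 's/-[0-9]+$//' |
        sort | uniq -c | sort -rn |
        awk 'NR==1 {print $2}'
}

sid=$(sample_dump | domain_sid_from_dump)
if is_domain_sid "$sid"; then
    echo "Recovered domain SID: $sid"
    # On the PDC: record the current value with `net getlocalsid` first,
    # then restore the recovered one with the command printed here.
    echo "net setlocalsid $sid"
else
    echo "No domain SID found in input" >&2
fi
```
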
