[Samba] Exchange 5.5 not seeing new Domain accounts - lsass.exe searching local SAM

Ian Clancy clancyian at cel.ie
Thu Jun 16 18:09:05 GMT 2005 

Hi,
First of all, The problem i am having is not directly related to Samba. 
So apologies, however there are a lot of people on this list who know a 
good deal about how windows (and related technologies) work so i'm 
hoping they can shed some light on the matter.

Background :
I successfully completed a migration from a Windows NT4 Domain to s 
Samba domain with LDAP backend about 2 months. The old NT4 PDC also 
hosted an exchange 5.5 sp4 email server so i could not just rubbish it. 
Once the migration was complete i used a tool called UPromote to demote 
the old PDC and rejoined it to the new domain (Same Domain Name). All 
appeared to work well...

However,  When a added new account to the system they could not access 
their email using their domain account whereas existing accounts were 
working fine. The mail server reported this error (from event log):
----------
A logon attempt failed because an attempt to look up Windows NT account 
information failed. Error 1332.
----------

The new accounts worked perfectly in every other sense. Even at the old 
PDC i could log on with the new accounts, see the new accounts in 
usrmgr.exe, and select them as the Primary Windows NT account for the 
associated mailbox in the Exchange admin program.

So i though, Maybe exchange is somehow looking on the old PDC for 
account data. I was able to confirm my suspicion using an application 
called regmon which records access to the registry. From the following 
out put i can see the lsass.exe program searching the SAM portion of the 
registry for the user account.

Output using the regmon utility
-------
20490   160.25828604    lsass.exe:48    OpenKey 
HKLM\SAM\SAM\DOMAINS\Account\Groups\00002F6A    NOTFOUND
20491   160.25839958    lsass.exe:48    OpenKey 
HKLM\SAM\SAM\DOMAINS\Account\Aliases\00002F6A   NOTFOUND
20492   160.25852070    lsass.exe:48    OpenKey 
HKLM\SAM\SAM\DOMAINS\Account\Users\00002F6A     NOTFOUND
-----

Finally (and thanks for your patience :) ). How do i get Exchange (or 
lsass.exe) to search the domain for accounts and not the local registry 
(HKEY_LOCAL_MACHINE) ?.

Any suggestion welcome,
thanks



-- 
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd,
Tuam,
Co. Galway,
Ireland.

P : ++353 93 23151
F : ++353 93 23110
E : mailto:clancyian at cel.ie
W : http://www.cel-europe.com

More information about the samba mailing list