[Samba] Domain SID vs. Local SID on Domain Controller & SID requirements

Miguel Medalha miguelmedalha at sapo.pt
Tue Sep 15 13:40:41 MDT 2009

> IF a samba server is setup to be a domain controller, should
> it's local SID = the domain SID?

The SID of the Primary Domain Controler (PDC) is also the Domain's SID.

> Also, what are the requirements of a SID?

Security Identifier


> I usually see S-1-5-21-x-y-z, where x,y,z = 10 digits, but
> could x,y,z be 1,2,3 (for example)?   I.e. do they have to be
> 10 digit numbers or can they be shorter? 
> If I have a simple setup, and want a sid I can remember can I
> just make it 'short'?

No. Please consult the above article.
You don't need to "remember" the SID, you may need to keep it.

net getdomainsid

More information about the samba mailing list