No subject

Thu Jun 10 02:36:45 MDT 2010

machine (just with an updated OS and hardware.)

You are not promoting/demoting domain controllers, and you don't have two
DC's active at the same time.   

-----Original Message-----
From: samba-bounces at [mailto:samba-bounces at]
On Behalf Of Michael Deutschmann
Sent: Tuesday, June 15, 2010 8:51 PM
To: samba at
Subject: [Samba] Transferring PDC responsibility without LDAP

I'm using a NT4-style domain on my home network, with Samba 3.5.3 acting
as PDC.  I would like to transfer PDC responsibilty to a different
GNU/Linux machine so I can retire the original PDC.

With Windows DCs, I understand this is simple -- just create a BDC,
promote it, and remove the old.  However, an analogous approach would be
problematic here, because in Samba going from one DC to two is a massive
increase in complexity.  (Because of the LDAP requirements)

I suspect it might work, in this case, to do what the HOWTO expressly
forbids, which is to invoke "net rpc getsid" without configuring LDAP.
If I shut down the old server before starting smbd on the new, I should
avoid the synchronization risk.

The sequence would be:

1. Create configuration file on new PDC broadly similar to the old.

2. Clear out any lingering .tdb files on the new PDC from past test runs
of smbd there as an isolated server.  (smbd is not running at this

3. Run net rpc getsid on the new PDC.

4. Make sure all clients are logged out.

5. Shut down smbd/nmbd on the old PDC, hopefully for good.

6. Copy old PDC's profile directories and passdb.tdb to the new PDC.

7. Use pdbedit to update the profile directory location for each user.

8. Start smbd/nmbd on the new PDC.

9. Start logging in from clients again.


---- Michael Deutschmann <michael at>

To unsubscribe from this list go to the following URL and read the

More information about the samba mailing list