[Samba] How to change objectSid?

[Michael Brown]

On 14-02-05 04:17 PM, Andrew Bartlett wrote:
> Yes, I like that solution. I'm going to do it in that way.
>
> The only remaining issue are the new workstations. I'll need to copy
> the new machines from S3 to S4. If we don't do it, it's not a serious
> issue, but it would be great. I think our client is not going to buy a
> lot of machine in the middle of the migration :)
> It should be pretty easy to rejoin those machines, if that helps avoid
> another special case to handle.
Speaking as someone who had to delete a bunch of computer accounts prior
to his 3→4 migration and rejoin them to the realm afterwards (yeah… a
lot of them had duplicate SIDs or a blank last part of the SID
(interpreted as -0)), rejoining them is pretty easy and works just fine.

You could even precreate the accounts or delegate that right.

As long as the domain SID isn't changing you should be fine.

M.

-- 
Michael Brown               | `One of the main causes of the fall of
Systems Consultant          | the Roman Empire was that, lacking zero,
Net Direct Inc.             | they had no way to indicate successful
☎: +1 519 883 1172 x5106    | termination of their C programs.' - Firth