[Samba] Change user SID on Samba 4.1

Rowland Penny rowlandpenny at googlemail.com
Tue Apr 28 05:58:53 MDT 2015

On 28/04/15 12:39, Daniel Carrasco Marín wrote:
> I had troubles with classicupgrade and linux machines, and i'm creating a
> new AD (for now works perfect). I want to keep the same SID of the old AD
> to avoid to move all users profiles.
> Greetings!!
> El 28/4/2015 1:07 p. m., "Andrew Bartlett" <abartlet at samba.org> escribió:
>> On Tue, 2015-04-28 at 11:27 +0200, Daniel Carrasco Marín wrote:
>>> Hi, Is there any way to change the SID of an user on Samba 4.1?. I've
>> tried:
>>> pdbedit -U newSID -u user
>>> pdbedit -u user -U newSID
>>> pdbedit --'user SID'=newSID -u user
>>> but it shows the user infor without change anything.
>> Changing a user's sid is a really bad idea, so in the AD DC (at least)
>> is is made quite difficult.
>> In particular, it is critical that it remain unique, and be removed from
>> the RID pool.  When we do a classicupgrade, we take care to ensure all
>> RID pools start above the users we import.  That is really the only time
>> it is safe to force a RID.
>> Why do you need to change it?
>> --
>> Andrew Bartlett                       http://samba.org/~abartlet/
>> Authentication Developer, Samba Team  http://samba.org
>> Samba Developer, Catalyst IT
>> http://catalyst.net.nz/services/samba

Never used it myself, but there is the provision option 
'--domain-sid=SID' . I assume that you can use this to set the domain 
SID when you provision a new domain.


More information about the samba mailing list