[Samba] Change user SID on Samba 4.1
Rowland Penny
rowlandpenny at googlemail.com
Tue Apr 28 05:58:53 MDT 2015
On 28/04/15 12:39, Daniel Carrasco Marín wrote:
> I had troubles with classicupgrade and linux machines, and i'm creating a
> new AD (for now works perfect). I want to keep the same SID of the old AD
> to avoid to move all users profiles.
>
> Greetings!!
> El 28/4/2015 1:07 p. m., "Andrew Bartlett" <abartlet at samba.org> escribió:
>
>> On Tue, 2015-04-28 at 11:27 +0200, Daniel Carrasco Marín wrote:
>>> Hi, Is there any way to change the SID of an user on Samba 4.1?. I've
>> tried:
>>> pdbedit -U newSID -u user
>>> pdbedit -u user -U newSID
>>> pdbedit --'user SID'=newSID -u user
>>>
>>> but it shows the user infor without change anything.
>> Changing a user's sid is a really bad idea, so in the AD DC (at least)
>> is is made quite difficult.
>>
>> In particular, it is critical that it remain unique, and be removed from
>> the RID pool. When we do a classicupgrade, we take care to ensure all
>> RID pools start above the users we import. That is really the only time
>> it is safe to force a RID.
>>
>> Why do you need to change it?
>>
>> --
>> Andrew Bartlett http://samba.org/~abartlet/
>> Authentication Developer, Samba Team http://samba.org
>> Samba Developer, Catalyst IT
>> http://catalyst.net.nz/services/samba
>>
>>
>>
Never used it myself, but there is the provision option
'--domain-sid=SID' . I assume that you can use this to set the domain
SID when you provision a new domain.
Rowland
More information about the samba
mailing list