[Samba] Yet another "Can I change user's SID" question

George jorgito1412 at gmail.com
Wed Jan 28 15:08:41 MST 2015

Good evening team,

I have read lots of topics and posts explaining why you *shouldn't*
manually change a user's SID on the databases, and I agree with the
"phylosophical" reasons behind it, let's say.

Now, what happens if besides all the warnings you still do it?? What else
might break, considering that we are careful enough to not enter a
duplicate, or obvious errors? I understand that ldbedit does not even let
you do it, but that can be easily "tweaked" on the source code.

The reason behind this question is the usual "accidentally deleted user".
In this case it was no big deal, a new user was created and profiles
migrated, but what would have happened if a new user was created and then
assigned the SID of the previous user? I tried this on a lab machine with a
"tweaked" ldbedit and nothing seems to break (or at least not as badly so
as to realize in 5 minutes of testing). This is Samba 4.1.x DC with no

Best regards!


More information about the samba mailing list