[Samba] samba 4 migration (domain admins & domain users renamed)

Trenta sis trenta.sis at gmail.com
Mon Oct 17 12:34:32 UTC 2016


Hi,

I have checked sambaSID (from samba-ldap 3) and compared it with ObjectSID in
samba 4 (after migration) and this value is the same, without any
difference.
For me it is not a problem, but if in the future I will keep the old name, can I
rename this group after the migration is done...?

Thanks

2016-10-11 10:45 GMT+02:00 Marc Muehlfeld <mmuehlfeld at samba.org>:

> Hi,
>
> Am 11.10.2016 um 09:58 schrieb Trenta sis via samba:
> > I'm trying to migrate a samba 3 domain, and I have detected that our domain
> > users and domain admins are migrated/renamed during migration, we have these
> > groups in other language than english and after migration are migrated to
> > domain admin and domain users.
> > Members of these groups are migrated correctly, only question is this change
> > in name could generate a problem and if this is an issue or I can ignore?
>
>
> if your well-known groups use the official security identifiers [1] in
> your NT4 domain, they will be identical in AD, because the groups are
> recreated and populated by samba-tool.
>
> However, I saw installations where the Admin created the two groups with
> {Domain-SID}-{Random-RID} instead of:
>
> Domain Admins:
> S-1-5-21-{Domain-SID}-512
>
> Domain Users:
> S-1-5-21-{Domain-SID}-513
>
> In this case, the objectSID is different and thus it's a different
> group. To fix:
> - Create the groups with the correct objectSIDs (don't rename the
> attribute. Otherwise it's a different group for your clients).
> - Switch the groups to the new ones wherever you used it.
> - Remove the groups with the wrong objectSID.
> - Start the migration.
>
> I will add this to the Wiki page later this week. I have this one anyway
> on my list for a major update.
>
>
> Regards,
> Marc
>
> [1] https://support.microsoft.com/en-us/kb/243330
>
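
The comparison discussed in this thread (sambaSID from the Samba 3 LDAP against objectSid in Samba 4, plus the well-known RIDs 512 and 513), written out as an added example that is not part of the original messages. The function names and the domain SID are constructed for illustration, and it assumes objectSid is supplied base64-encoded, the way ldapsearch prints binary attributes.

```python
import base64
import struct

# RIDs the thread gives for the two well-known groups.
WELL_KNOWN_RIDS = {"Domain Admins": 512, "Domain Users": 513}

def decode_object_sid(raw: bytes) -> str:
    """Binary objectSid -> 'S-1-5-21-...' string."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID: length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 6 bytes, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])     # 32-bit little-endian each
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def encode_sid(sid: str) -> bytes:
    """Inverse of decode_object_sid; used here only to build sample input."""
    parts = [int(p) for p in sid.split("-")[1:]]
    revision, authority, subs = parts[0], parts[1], parts[2:]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def check_group(role: str, samba_sid: str, object_sid_b64: str) -> list:
    """Return a list of problems for one group; an empty list means it matches."""
    ad_sid = decode_object_sid(base64.b64decode(object_sid_b64))
    problems = []
    if ad_sid != samba_sid:
        problems.append(f"{role}: objectSid {ad_sid} != sambaSID {samba_sid}")
    rid = int(samba_sid.rpartition("-")[2])
    if rid != WELL_KNOWN_RIDS[role]:
        problems.append(f"{role}: RID {rid}, expected {WELL_KNOWN_RIDS[role]}")
    return problems

if __name__ == "__main__":
    dom = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed domain SID
    samples = [  # (role, sambaSID from Samba 3 LDAP, objectSid from Samba 4)
        ("Domain Admins", dom + "-512", dom + "-512"),
        ("Domain Users", dom + "-3001", dom + "-3001"),  # random-RID case
    ]
    for role, old, new in samples:
        b64 = base64.b64encode(encode_sid(new)).decode()
        print(role, check_group(role, old, b64) or "OK")
```

An empty result means the group kept its SID and uses the expected RID; a RID message corresponds to the {Domain-SID}-{Random-RID} case described in the quoted reply.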

