[Samba] Provision new domain keeping users and passwords

Andrew Bartlett abartlet at samba.org
Wed Mar 29 18:46:45 UTC 2017

On Wed, 2017-03-29 at 10:50 -0300, Jeanderson Soares via samba wrote:
> Yes, but for DC you should use tdbsam instead of smbpasswd in the "-
> e" and'
> "-i" parameters.
> After that, I had some problems with the RIDs when creating new
> users, and
> had to manually change the ridnextrid attribute.

Indeed, this is the biggest risk I would see with this approach.

The latest Samba 4.5 has some more protections against this:  If you
run dbcheck after this 'migration' it will try and correctly reset the
ridnextrid values.

You will also loose the AES kerberos keys.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list