[Samba] Provision new domain keeping users and passwords

Mike Lykov combr at samges.ru
Thu Mar 30 04:10:40 UTC 2017

29.03.2017 21:31, Jeanderson Soares via samba пишет:

> I created a user 'fred' in the old DC Domain and exported/imported to the
> new Domain (using pdbedit) and I was able to login on a windows
> machine(member of the new domain)  normally (except that the user account
> has expired).
> (old dc domain)# pdbedit -v fred
> User SID:             S-1-5-21-*3914450021-4001743833-916707020*-45772
> (new dc domain)# pdbedit -v fred
> User SID:             S-1-5-21-*1365935180-2367880061-2796624718*-45772
> The SID really changed. Maybe i can get troubles in the future.

>> If you create a new domain, it will be just that, a new domain and you
>> will need to join all your machines to it.

If you can transfer user with password to the new domain as described 
above, is this method applicable to machine's accounts?

What can i do (if i want) export/import machine accounts to the new domain?

For example, I have a machine joined to live domain DOM1, and with dns 
server DOM1.dc.com

I change dns to DOM2.dc.com, then import/export machine account to DOM2, 
(reboot the machine if needed). Is this machine was "joined" to the new 
domain already?

By the way, if I accidently delete the machine account from domain, can 
i restore it (in samba 4.5), or only rejoin it?

Mike Lykov, system administrator

More information about the samba mailing list