[Samba] error adding users to Domain Admins group during classicupgrade
Rowland penny
rpenny at samba.org
Tue May 14 08:12:59 UTC 2019
On 14/05/2019 08:44, Ruisheng Peng via samba wrote:
> Hi,
>
> I'm trying to migrate a NT4 domain under Samba3 to an AD DC under Samba4
> on a separate server. During the classicupgrade, there were a number
> warnings while importing groups:
>
> WARNING 2019-05-13 15:09:56,728 pid:25284
> /usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #299: Could
> not add group name=Domain Admins ((68, 'Entry CN=Domain
> Admins,CN=Users,DC=ifa,DC=hawaii,DC=edu already exists'))
>
> WARNING 2019-05-13 15:09:56,729 pid:25284
> /usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #161: Could
> not modify AD idmap entry for
> sid=S-1-5-21-280721883-191778108-123917971-512, id=512, type=ID_TYPE_GID
> ((32, "Base-DN '<SID=S-1-5-21-280721883-191778108-123917971-512>' not
> found"))
You will get errors like this because the groups will already have been
created before the users and groups are migrated, you can ignore these.
> Soon after when adding users to groups, the process bombed out with
> the following error:
>
>
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> ProvisioningError: Could not add member
> 'S-1-5-21-2342696748-4272319941-312989834-1001' to group
> 'S-1-5-21-280721883-191778108-123917971-512' as either group or user record
> doesn't exist: Base-DN '<SID=S-1-5-21-280721883-191778108-123917971-512>'
> not found
Why does the user have a different SID to the group ?
That would make them members of different domains.
Is it like this in your old domain ?
Rowland
More information about the samba
mailing list