[Samba] Domain SID

Robert Marcano robert at marcanoonline.com
Wed Jan 6 18:38:03 UTC 2021

sOn 1/6/21 1:51 PM, Sonic via samba wrote:
> On Wed, Jan 6, 2021 at 12:36 PM Dale via samba <samba at lists.samba.org> wrote:
>> When moving from a classic domain to a Samba AD, I think it wise to
>> follow Rowland's logic and provision a new domain to avoid all the GID
>> issues.  UID's don't appear to be a problem, as they already exist in
>> the recommended range.  However, I don't really want to copy all the
>> local profiles to what Windows thinks are new domain users due to the
>> new SID.  So, is there a way to get the best of both worlds and set the
>> SID during provisioning or change it later?
> I had no serious issues doing a couple of classic upgrades so I don't
> think it's something to fear.
> However I have wondered about doing a new provision with a small
> number of network users and setting the domain-sid to be identical, as
> well as setting the user sid's identically when adding the users. Not
> sure if anyone has tried this but it seems on paper that it should
> work and the previous classic domain users should get their previous
> profiles when logging on.

Same here. None of my upgrades from classic domains to AD required a new 
provision. If you understand how id mapping works and use the correct 
one for your environment, and have no problems with doing some scripting 
to set the correct UID's or GID's on AD if needed and to change file 
ownerships and ACLs to the new values, you will enjoy not having to 
start from zero.

But on the other hand, it the domain is small you will have less work if 
you start from scratch.

More information about the samba mailing list