[Samba] Samba DC: Unable to convert first SID / NT_STATUS_INVALID_SID
Rowland Penny
rpenny at samba.org
Sun Nov 7 15:50:24 UTC 2021
On Sun, 2021-11-07 at 15:35 +0000, Gyrfalcon via samba wrote:
> It turns out I missed the step of [synchronizing idmap.ldb][1] from
> the original DC to the new DC. Once I did that, the errors have gone
> away and members now work correctly when communicating with the new
> DC.
Yes, that would do it.
>
> That does raise a question, though. I plan to decommission the old
> DC. Once I do that, will the new DC be able to allocate new UID
> numbers in its own idmap.ldb?
Provide you transfer all the FSMO roles to the new DC, you shouldn't
have any problems when you demote the old.
However, I will reiterate, I would never use any Samba AD DC that uses
MIT in production, there are just too many problems.
> I am not sure I understand why sid_to_xid was returning
> NT_STATUS_NONE_MAPPED instead of just allocating a new UID for
> computer accounts.
Possibly they were already mapped ???
Rowland
More information about the samba
mailing list