
I've had trouble changing the Domain SID of my SAMBA 4 Domain Controller to an old one. Let's say S-1-5-21-3307158569-4287292154-27117666 is the SID I want to set. I use the following command:

net setdomainsid S-1-5-21-3307158569-4287292154-27117666

However, this does not change. I have tried stopping all services and changing the SID, but still no change, unfortunately. I am still getting the old SID:

root@dc1:/var/lib/samba# net getdomainsid
SID for domain COMPANY is: S-1-5-21-3307158569-4287292154-27117854

I've also tried moving the secrets.tdb file, but this did not resolve the issue either.

Could you help me out changing the domain SID to the one I want?

Kind regards

Unborn

1 Answer


Try:

  • Stop Samba
  • Backup and delete secrets.tdb
  • Instead of net setdomainsid use net setlocalsid.
  • Check result with net getdomainsid
  • Start Samba
vic
  • Thanks for the reply, but net setlocalsid only changes the server SID, if I understand correctly. It won't change the SID for the domain? – Unborn Jan 10 '16 at 10:34
  • I did as you suggested. The domainSID did not change however. Only the LocalSID changed. – Unborn Jan 10 '16 at 10:42
  • I see you're running the samba-ad-dc service. That one is only appropriate for AD style DCs. In your title, you mentioned a PDC which is an NT style DC (and you need to start smbd, nmbd and winbindd, instead of samba-ad-dc). For a PDC, localsid is equal to domainsid. For an AD DC, you are doing something wrong if you're manually trying to change the SID. – vic Jan 10 '16 at 10:53
  • Thanks for the clarification. I'm new to all of this. I'm in fact trying to replicate a Windows 2012 Domain Controller which is a PDC for the domain "company.local". I am trying to manage all of this through a linux Domain Controller including pushing out Group Policies. – Unborn Jan 10 '16 at 11:06
  • Can you tell me in which situation using 'net setdomainsid' is appropriate? – Unborn Jan 12 '16 at 08:10
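
A check for the "Check result with net getdomainsid" step in the answer above, as an added example that is not part of the original thread. It compares the reported domain SID with the intended one as strings, since the two SIDs in the question differ only in the last sub-authority. The function names are hypothetical, and the sample line is constructed from the output format shown in the question.

```shell
#!/bin/sh
# Added example (not from the original thread): verify that
# "net getdomainsid" reports the domain SID you intended to set.

# Constructed sample, using the output format shown in the question.
SAMPLE_OUTPUT='SID for domain COMPANY is: S-1-5-21-3307158569-4287292154-27117854'

# is_domain_sid SID -> returns 0 if SID has the form S-1-5-21-<n>-<n>-<n>
is_domain_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$'
}

# parse_domain_sid TEXT -> prints the SID from the "SID for domain ... is:" line;
# any other lines in TEXT are ignored.
parse_domain_sid() {
    printf '%s\n' "$1" |
        sed -n 's/^SID for domain .* is:[[:space:]]*\(S-[0-9-]*\)[[:space:]]*$/\1/p' |
        head -n 1
}

# check_domain_sid EXPECTED TEXT
# Prints "match", "mismatch: <actual>" or "error: ..."; returns 0, 1 or 2.
check_domain_sid() {
    expected=$1
    if ! is_domain_sid "$expected"; then
        echo "error: expected value is not a domain SID"
        return 2
    fi
    actual=$(parse_domain_sid "$2")
    if ! is_domain_sid "$actual"; then
        echo "error: no domain SID found in output"
        return 2
    fi
    if [ "$actual" = "$expected" ]; then
        echo "match"
        return 0
    fi
    echo "mismatch: $actual"
    return 1
}

# On the server (assumes the Samba "net" tool is in PATH):
#   check_domain_sid "S-1-5-21-3307158569-4287292154-27117666" "$(net getdomainsid)"
```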