Paul Smith
2004-Dec-01 17:14 UTC
[Samba] maintaining samba uid and gid in nt to ad migration
What is the best method for migrating the samba/winbind uid/gid when moving from an nt4 domain to windows 2003 ad?

I have multiple samba 3.x servers running in an nt4 domain. All machines use "idmap uid = 10000-20000" and "idmap gid = 10000-20000" in smb.conf, using winbind to maintain security on files and folders. When I move my samba 3.x test servers from the nt4 domain to 2003 ad, the uid/gid doesn't match, and thus all security is lost.

I have read about using an ldap backend to maintain a single mapping between machines, but this would seem to be too late in my case, since the machines already have different uid/gid between them.

Thanks,
Paul Smith
Charles Weber
2004-Dec-20 22:13 UTC
[Samba] maintaining samba uid and gid in nt to ad migration
We used tdbedit and perl to script our domain consolidation sid to uid mappings.

The other possibility is to use getfacl and setfacl to store your file rights to a text file and replay them once you are migrated. Since getfacl and setfacl use names and not uids, the moved system should resolve the username to the new correct uid/sid.

Chuck
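
The getfacl/setfacl approach in the reply above only works if every name in the dump resolves on the migrated server. As an added example (not part of the original thread), this script lists the names in a getfacl dump that do not resolve there; the paths, the `DOM+` names and the `RESOLVE` override are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight check before replaying ACLs on a migrated server.
# Dump before the move:   cd / && getfacl -R srv/share > /root/acl.dump
# Replay after the move:  cd / && setfacl --restore=/root/acl.dump

RESOLVE=${RESOLVE:-getent}   # lookup command; getent reaches winbind through NSS

# Constructed sample dump (names are made up, assuming "winbind separator = +").
sample_dump() {
cat <<'EOF'
# file: srv/share/report.txt
# owner: DOM+alice
# group: DOM+staff
user::rw-
user:DOM+bob:r--
group::r--
group:DOM+audit:r--
mask::r--
other::---
default:user:DOM+bob:r-x
EOF
}

# Print every distinct "user NAME" / "group NAME" referenced in a getfacl dump.
acl_names() {
    awk '
        /^# owner: / { print "user "  substr($0, 10); next }
        /^# group: / { print "group " substr($0, 10); next }
        /^#/ || /^$/ { next }
        {
            split($0, f, ":")
            i = (f[1] == "default") ? 2 : 1
            if ((f[i] == "user" || f[i] == "group") && f[i + 1] != "")
                print f[i], f[i + 1]
        }' "$1" | sort -u
}

# Print the names that do not resolve, i.e. would not map to a uid/gid on replay.
unresolved_names() {
    acl_names "$1" | while read -r kind name; do
        [ "$kind" = user ] && db=passwd || db=group
        "$RESOLVE" "$db" "$name" >/dev/null 2>&1 || echo "$kind $name"
    done
}

# Stand-alone use: ./check_acl_names.sh /root/acl.dump
if [ "$#" -eq 1 ]; then
    unresolved_names "$1"
fi
```

An empty result means every owner, group and ACL entry in the dump can be looked up by name on the new domain member before `setfacl --restore` is run.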