On Thu, 21 Mar 2019 15:17:03 +0000
Piers Kittel via samba <samba at lists.samba.org> wrote:
> > That explains it a bit further, Samba (and Windows) uses the SID to
> > identify the domain, so user 'kit' with the SID-RID of
> > S-1-5-21-3690213834-1721161859-1610588051-1116 isn't the same user
> > as 'kit' with the SID-RID of
> > S-1-5-21-456595659-2484967225-2845901235-1104 That is from a
> > Windows perspective, how Unix treats them depends on how you are
> > using Samba, so I think it is time we saw your smb.conf, so please
> > post it. Rowland
> Rowland,
>
> Thanks for this.
>
> # Global parameters
> [global]
> netbios name = DOMAIN-AD
> realm = DOMAIN2.INTRANET
> workgroup = DOMAIN2
> dns forwarder = 192.168.0.1
> server role = active directory domain controller
>
It is a DC, so if you set up a new DC, then it will be exactly that, a
new DC and your users from one will NEVER be the same users.
Do you still have the old DC ?
If you do, then the easiest way to fix this would be to stop Samba on
your new DC. Purge Samba from the new DC, then reinstall Samba and
join it to the old DC as a new DC with 'samba-tool domain join'. Sync
idmap.ldb & sysvol to the new DC, then sync the data to the new DC,
you should then find that all your files have the correct owners. You
can then demote the old DC and turn it off.
Rowland