Ian Clancy
2005-Jun-16 18:09 UTC
[Samba] Exchange 5.5 not seeing new Domain accounts - lsass.exe searching local SAM
Hi,

First of all, the problem I am having is not directly related to Samba. So apologies, however there are a lot of people on this list who know a good deal about how Windows (and related technologies) work, so I'm hoping they can shed some light on the matter.

Background: I successfully completed a migration from a Windows NT4 domain to a Samba domain with LDAP backend about 2 months ago. The old NT4 PDC also hosted an Exchange 5.5 SP4 email server so I could not just rubbish it. Once the migration was complete I used a tool called UPromote to demote the old PDC and rejoined it to the new domain (same domain name). All appeared to work well...

However, when I added new accounts to the system they could not access their email using their domain account, whereas existing accounts were working fine. The mail server reported this error (from the event log):

----------
A logon attempt failed because an attempt to look up Windows NT account information failed. Error 1332.
----------

The new accounts worked perfectly in every other sense. Even at the old PDC I could log on with the new accounts, see the new accounts in usrmgr.exe, and select them as the Primary Windows NT account for the associated mailbox in the Exchange admin program.

So I thought, maybe Exchange is somehow looking on the old PDC for account data. I was able to confirm my suspicion using an application called regmon, which records access to the registry. From the following output I can see the lsass.exe program searching the SAM portion of the registry for the user account.

Output using the regmon utility
-------
20490 160.25828604 lsass.exe:48 OpenKey HKLM\SAM\SAM\DOMAINS\Account\Groups\00002F6A NOTFOUND
20491 160.25839958 lsass.exe:48 OpenKey HKLM\SAM\SAM\DOMAINS\Account\Aliases\00002F6A NOTFOUND
20492 160.25852070 lsass.exe:48 OpenKey HKLM\SAM\SAM\DOMAINS\Account\Users\00002F6A NOTFOUND
-----

Finally (and thanks for your patience :) ):

How do I get Exchange (or lsass.exe) to search the domain for accounts and not the local registry (HKEY_LOCAL_MACHINE)?

Any suggestions welcome, thanks

--
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd, Tuam, Co. Galway, Ireland.
P : ++353 93 23151
F : ++353 93 23110
E : mailto:clancyian@cel.ie
W : http://www.cel-europe.com
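An added example, not part of the original post: a small Python triage script that reads regmon lines in the format quoted above, collects the account keys lsass.exe tried to open under the local SAM, and reports each RID that was missing from Users, Groups and Aliases alike, in decimal (the form in which a RID appears as the last component of a SID). The function names are hypothetical and the fourth sample line is constructed for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: the three regmon lines quoted in the post, plus one
# invented SUCCESS line (RID 000001F4) for contrast.
SAMPLE = r"""
20490 160.25828604 lsass.exe:48 OpenKey HKLM\SAM\SAM\DOMAINS\Account\Groups\00002F6A NOTFOUND
20491 160.25839958 lsass.exe:48 OpenKey HKLM\SAM\SAM\DOMAINS\Account\Aliases\00002F6A NOTFOUND
20492 160.25852070 lsass.exe:48 OpenKey HKLM\SAM\SAM\DOMAINS\Account\Users\00002F6A NOTFOUND
20493 160.25861000 lsass.exe:48 OpenKey HKLM\SAM\SAM\DOMAINS\Account\Users\000001F4 SUCCESS
"""

# seq, time, process:pid, operation, SAM account key (container + 8-hex RID), result
LINE = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<time>[\d.]+)\s+(?P<proc>\S+?):(?P<pid>\d+)\s+"
    r"(?P<op>\S+)\s+HKLM\\SAM\\SAM\\DOMAINS\\Account\\"
    r"(?P<kind>Users|Groups|Aliases)\\(?P<rid>[0-9A-Fa-f]{8})\s+(?P<result>\S+)\s*$",
    re.IGNORECASE,
)


def sam_lookups(text, process="lsass.exe"):
    """Map RID -> {container: result} for SAM account-key opens by `process`."""
    seen = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m["proc"].lower() == process:
            seen[int(m["rid"], 16)][m["kind"].capitalize()] = m["result"].upper()
    return dict(seen)


def unresolved_rids(text):
    """RIDs that were tried in Users, Groups and Aliases and found in none."""
    return sorted(
        rid for rid, res in sam_lookups(text).items()
        if set(res) == {"Users", "Groups", "Aliases"}
        and all(r == "NOTFOUND" for r in res.values())
    )


if __name__ == "__main__":
    for rid in unresolved_rids(SAMPLE):
        print(f"RID {rid} (0x{rid:08X}) not found in any local SAM container")
```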