hi everybody I'm thinking I'll grab whole lot of my ldap backend and change SID - what will this cause to workstation/machine members? I'm guessing users account should be fine and people would be able to log in but machine would probably have to rejoin (if I can call it that, because domain name is different). You probably already see what I'm hoping I can do - I hope I can keep as much as possible and move, migrate to another domain. Interdomain trust does not help here, it does not actually migrate/sync users/machines between two domains, right? How do you do migrate to another domain(samba+ldap)? regards. L.
Hello, Am 21.03.2016 um 17:45 schrieb lejeczek:> I'm thinking I'll grab whole lot of my ldap backend and change SID - > what will this cause to workstation/machine members? > I'm guessing users account should be fine and people would be able to > log in but machine would probably have to rejoin (if I can call it that, > because domain name is different).If you change the domain SID, everything is affected, because you're having a new domain. This means all workstations need to be rejoined. Also if your domain users are linked e. g. on Windows ACLs or are members of local groups, etc. this won't be resolved any more and needs to be fixed. What is the reason for this? Regards, Marc
On 23/03/16 19:40, Marc Muehlfeld wrote:> Hello, > > Am 21.03.2016 um 17:45 schrieb lejeczek: >> I'm thinking I'll grab whole lot of my ldap backend and change SID - >> what will this cause to workstation/machine members? >> I'm guessing users account should be fine and people would be able to >> log in but machine would probably have to rejoin (if I can call it that, >> because domain name is different). > If you change the domain SID, everything is affected, because you're > having a new domain. This means all workstations need to be rejoined. > Also if your domain users are linked e. g. on Windows ACLs or are > members of local groups, etc. this won't be resolved any more and needs > to be fixed. > > What is the reason for this?I have to change both samba workgroup name & DN under which all samba resides in ldap, and I hope I can preserve as much as possible. I there a best practice for this? many thanks. L.> > Regards, > Marc > >