On Thu, 16 Nov 2017 18:51:19 -0200 Elias Pereira <empbilly at gmail.com> wrote:> Yes, as I mentioned, I will use another dns domain. :) > > In the old domain was provisioned with the option --use-rfc2307. I > believe that it is the attributes that you mention? If so, can I > migrate the users to the new DC, so that they have the same ID? >No, all '--use-rfc2307' does is give you the possibility of using RFC2307 attributes, so If you didn't add anything to the users or groups objects in AD (with ADUC, for instance), then there is every chance your users will get different xidNumbers on the new DC and no chance of them being used on a Unix domain member. Rowland
In a nutshell, I will have to re-put all users in the domain again. :( Rowland, do you have any tips or best practices to do that? Something you do if it appears some infrastructure like mine. On Thu, Nov 16, 2017 at 7:23 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Thu, 16 Nov 2017 18:51:19 -0200 > Elias Pereira <empbilly at gmail.com> wrote: > > > Yes, as I mentioned, I will use another dns domain. :) > > > > In the old domain was provisioned with the option --use-rfc2307. I > > believe that it is the attributes that you mention? If so, can I > > migrate the users to the new DC, so that they have the same ID? > > > > No, all '--use-rfc2307' does is give you the possibility of using > RFC2307 attributes, so If you didn't add anything to the users or > groups objects in AD (with ADUC, for instance), then there is > every chance your users will get different xidNumbers on the new DC and > no chance of them being used on a Unix domain member. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira
On Fri, 17 Nov 2017 09:48:14 -0200 Elias Pereira <empbilly at gmail.com> wrote:> In a nutshell, I will have to re-put all users in the domain again. :( > > Rowland, do you have any tips or best practices to do that? Something > you do if it appears some infrastructure like mine. >Yes, it is called the Samba wiki ;-) https://wiki.samba.org/index.php/Main_Page Any questions, please ask . Rowland
On Fri, 2017-11-17 at 09:48 -0200, Elias Pereira via samba wrote:> In a nutshell, I will have to re-put all users in the domain again. :(The Tranquil IT folks seem to have become pretty experienced at this. You really want to keep the SIDs the same. In the long term I would love for Samba to support domain renames directly, but it is a big job. Less effort but still a fair chunk of work is going via Windows and renaming it there (we currently fail to replicate back domains with a non-zero epoch). Sorry, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba