<div>Thanks for the info. I think that we will just run around and rejoin or put out a letter for the teachers to walk through the process and then change the Admin account password when finished.</div> <div> </div> <div>Sincerely,</div> <div> </div> Ronald R. McDaniel Conecuh County Schools (251) 578-7073 x26 (251) 230-0658 cell <A href="mailto:rmcdaniel@indata.us">rmcdaniel@indata.us</A> <BLOCKQUOTE style="PADDING-LEFT: 8px; MARGIN-LEFT: 8px; BORDER-LEFT: blue 2px solid"> -------- Original Message -------- Subject: Re: [K12OSN] migrating machine accounts to new server From: Brian Chivers <brian@portsmouth-college.ac.uk> Date: Thu, August 04, 2005 4:56 am To: "Support list for opensource software in schools." <k12osn@redhat.com> rmcdaniel@indata.us wrote: > Has anyone tried to migrate machine (computer) accounts from an old > server to a new one? Is this possible? I hate to have to go around and > have 500 xp boxes rejoin the new domain controller. I am replacing an > older redhat server with a new one. > > > Thanks, > > Ronald R. McDaniel > Conecuh County Schools > (251) 578-7073 x26 > (251) 230-0658 cell > rmcdaniel@indata.us <mailto:rmcdaniel@indata.us> > > > ------------------------------------------------------------------------ > > _______________________________________________ > K12OSN mailing list > K12OSN@redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see <http://www.k12os.org> I tried (you might guess what's coming next) to migrate all my machine accounts from a Samba 2.2.x system using smbpasswd backend to our new system. I used the pdbedit command to transfer everything from the smbpasswd backend into the LDAP and it looked OK but a test machine couldn't login, so I looked and it appeared that the even through I'd set the SID the same on both server the last 5 digit's which I presume are the unique identifier for the machine we different, after looking at the old system I thought I'd worked out that the last 5 digits were actually based on the machines account UID so I altered all the SID's stored in the LDAP computers group to reflect this using a bit of scripting and one the test machine it seemed OK, tried another machine and it seemed OK BUT when I rolledi t out across college (500 + Win2K boxes) it all went to badly wrong. The long and the short of it is that we're now visiting all the machines and rejoining them to the domain !!!! I think if your using the same backend eg old server = LDAP and new server = LDAP you'd be OK is you did a dump of the LDAP and then imported it to the new server. You'd also have to set the SID's to the same value on both servers. I'd be tempted to set this BEFORE I ran the installer script, that way you don't have to alter anything in all the scripts such as smbldap-useradd etc. If you want to know how to set the SID let me know, it's really really easy. My advice if you can do this is to build the server, setup a isolated test network and TEST TEST TEST with quite a few machine off your existing network, you can't have two servers on the same network with identical SID's, not sure what would happen but I think it would be bad *grin* Brian Chivers Portsmouth College --------------------------------------------------------------- The views expressed here are my own and not necessarily the views of Portsmouth College _______________________________________________ K12OSN mailing list K12OSN@redhat.com https://www.redhat.com/mailman/listinfo/k12osn For more info see <http://www.k12os.org> </BLOCKQUOTE>