samba - Jun 2007 - Migrating from NT4 PDC to Windows 2003 ADS; Samba as member server

Here's the situation. We've got an old NT4 domain (not a Samba domain in
NT 4 mode) which we'll call CRUSTY. There is of course an NT4 PDC and 
several NT4 BDCs. We have some Linux/Samba file servers (Samba 3.0.1) 
that are member servers (security = domain) of the NT4 domain. We also 
have several NT4 BDCs and about 200 workstations of varying vintage 
(2000, XP) in several facilities around the world on a WAN.

We are *migrating* to a new Active Directory 2003 domain called SHINY (I 
am assuming this will imply security = ADS). We don't wish to *upgrade* 
the NT4 domain. We would like to do the migration a little at a time 
rather than all at once in order to preserve our sanity. How can we 
establish a domain trust so that a Samba server that is joined to the 
CRUSTY domain will allow access for users that are authenticated against 
the SHINY domain?

Is there a better way? (I can RTFM, but I need to know where to look.)

-Jonathan Johnson
Sutinen Consulting, Inc.
www.sutinen.com

I want to do something simmlar but I don't know how - we have a Win NT 
4.0 PDC and a Win NT 4.0 BDC.
We got a server - I can not get  Linux / Samba to work, and we may use 
windoze 2k3, but anyway, we have an old domain NT 4.0.   Call it 
OLDDOMAIN . 
I want to start a new Domain, either Windoze 2K3 or Linux / Samba and 
slowly move people over.   I think my problems stem from not joining the 
new Linux / Samba Domain properly.
I want to start a new Domain on the nework, call it CORPORATE.   I want 
to move the users over to the new domain and of course the data to that 
server.  When I get everyone moved over, I want to shut off the 
OLDDOMAIN PDC.
Is this a viable plan or am I barking up the wrong tree  ???
We have a simple environment - under 100 PC's and we never did anyting 
with Active Directory.
All our users are screwed up on the NT machine - when people would leave 
the company they would just disable the account, so we don't want to 
bring over these dead accounts -we want to create the good ones on the 
new machine.    In NT if you retire a use you could never use it again, 
so when John Jones left the company and we retired the account, when we 
hired Tom Jones, we could not create another user named jones. 
All screwed up but I want to fix it.

Jonathan Johnson wrote:

Here's the situation. We've got an old NT4 domain (not a Samba domain in
NT 4 mode) which we'll call CRUSTY. There is of course an NT4 PDC and 
several NT4 BDCs. We have some Linux/Samba file servers (Samba 3.0.1) 
that are member servers (security = domain) of the NT4 domain. We also 
have several NT4 BDCs and about 200 workstations of varying vintage 
(2000, XP) in several facilities around the world on a WAN.

We are *migrating* to a new Active Directory 2003 domain called SHINY (I 
am assuming this will imply security = ADS). We don't wish to *upgrade* 
the NT4 domain. We would like to do the migration a little at a time 
rather than all at once in order to preserve our sanity. How can we 
establish a domain trust so that a Samba server that is joined to the 
CRUSTY domain will allow access for users that are authenticated against 
the SHINY domain?

Is there a better way? (I can RTFM, but I need to know where to look.)

-Jonathan Johnson
Sutinen Consulting, Inc.
www.sutinen.com