Hoover, Tony
2012-Dec-20 20:06 UTC
[Samba] Migrate samba3.5 classic domain to Windows2008R2
I have a Samba 3.5.20 domain controller that provides logins and profiles for our Windows XP computer labs on campus. In earlier testing, we encountered performance issues with Windows 7 logins. Although that has now been resolved, management is discourged from continuing to use Samba as a domain controller. I have now been tasked with migrating our classic academic domain to Windows 2008R2 Active Directory. Most of the documentation I have found on the subject is several years old and involves creating a new domain and then migrating users/workstations from the classic domain to the new AD. I'd prefer to not create another domain. I have ~150 users & workstations, 30 domain groups, 5 local groups, and an interdomain trust (to a 2003AD) to allow some administrative users access to some academic resources. What is the simplest/cleanest method to accomplish the migration? What precautions do I need to take to make sure I can get back to the current setup if migration experiments fail? --- CONFIDENTIALITY WARNING: Pseudo-legal disclaimers do not buy you or your employer any legal recourse for leaked information. E-mail messages should never contain privileged or confidential information. Always treat e-mail as "public".
Adam Tauno Williams
2012-Dec-20 21:33 UTC
[Samba] Migrate samba3.5 classic domain to Windows2008R2
On Thu, 2012-12-20 at 14:06 -0600, Hoover, Tony wrote:> Most of the documentation I have found on the subject is several years old > and involves creating a new domain and then migrating users/workstations > from the classic domain to the new AD. I'd prefer to not create another > domain.AFAIK, Microsoft no longer provides any means to upgrade from an NT domain. All the tools are deprecated, and they don't like to run on current servers. At least that is what I found.> I have ~150 users & workstations, 30 domain groups, 5 local groups, and an > interdomain trust (to a 2003AD) to allow some administrative users access to > some academic resources. > What is the simplest/cleanest method to accomplish the migration? What > precautions do I need to take to make sure I can get back to the current > setup if migration experiments fail?It is actually pretty simple. (a) Provision a LINUX host (b) Install Samba4 (c) Perform and Samba3 -> Samba4 domain upgrade. This will migrate you data from the Samba3 NT domain to an Active Directory domain. (d) Promote a Windows 2008 server to be a DC (e) Demote the Samba4 as DC You are now on Active Directory with a Windows 2008 DC. You'll have to recreate your trust accounts, I assume. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA