Jonathan Johnson
2005-Jun-15 15:09 UTC
[Samba] Re: Migrating domain from Samba 3 to Windows 2003 (here's how to do it)
Ben S. wrote:>Hi Jonathan, > >I saw your post in the linux.samba newsgroups with the above topic heading. >Looking through the posts I could not see any replies. > >We also have a customer with the exact same requirements, and I though that >I would quickly ping you to see if you had any luck with migration. > >Any experiences of suggestion are appreciated in advance, >Ben > >Yes, I successfully migrated from Samba 3 to Windows 2003. I used the Active Directory Migration Tool from Microsoft; it's on the Windows Server 2003 CD (I don't remember exactly where, but look for ADMT). There are a few things that will make the ADMT fail, so be aware of them: 1) Set up a DNS server that's authoritative for your new 2003 domain (this will typically be in the first domain controller, but doesn't have to be). Then in your servers' and workstations' TCP/IP configuration, add it as the first DNS server. Also, make sure that "DNS suffix for this connection" is blank. This setting is in the advanced TCP/IP properties DNS tab; in 98, in the DNS tab, leave the domain blank. If it's not blank, things will fail. 2) Migrate user accounts before migrating machine accounts. You will be able to preserve SID history, so that users will have the same rights as before. Migrating from Samba to 2003, you won't be able to migrate passwords as you would if you were running an NT domain to begin with. 3) The domain "administrator" passwords of the old and new domain, and the local administrator passwords of the workstations MUST be the same. This is not required for user migration, but machine account migration will fail if they are not. 4) Disable any firewalls (inc. the Windows firewall) on any workstations that will be migrated. 5) ADMT supports test modes. Always test before running, and resolve any issues before proceeding! Note that a test will ALWAYS fail, because it can't actually migrate the accounts yet. You'll have to look for other errors besides these. 6) When migrating machine accounts, file security can be updated on the migrated workstations to match the new domain IF you chose to preserve SID history. This means your user profiles will also be migrated. If you manually create user accounts without migration, SID history will not be preserved and file security won't be migrated; you'll have to manually do it at the workstation after the migration. Here's a link to a post I made on the subject: http://lists.samba.org/archive/samba/2005-April/103743.html Good luck. It won't be painless, but in general, the process went smoother than I had hoped for. The first time I did it was actually a Windows NT4 to Windows 2003 domain migration, and including troubleshooting (learning the above) took about four hours for 13 workstations and one domain controller. Knowing the above, it probably would have taken only two hours. Later on, I successfully migrated a domain from Samba 3 to Windows 2003. The ADMT also seems to work for migrating to/from Small Business Server domains, which do not support trusts. -- --Jon Johnson Sutinen Consulting, Inc. www.sutinen.com
Possibly Parallel Threads
- HOW TO: Migrating users' locally-stored profiles from one domain or workgroup to a new domain
- Migrating domain from Samba 3 to Windows 2003
- Migrating user accounts Samba 3.5.3 to Windows 2003 (2008)
- Migrating from NT4 PDC to Windows 2003 ADS; Samba as member server
- Re: Samba to ADS 2003