Four years ago, I migrated our network from Windows NT based servers to Linux, Samba+LDAP based setups. This setup has worked fine. Last year, we replaced our Exchange 5.5 server - the last "real" Windows server - with Scalix. This last decision has come back to bite me.

Several new "thingys" that the boss wants, among other things, are forcing me to implement Exchange 2003. Because I know that Exchange 2003 requires AD and my company has three offices separated by a WAN, I'm going to be forced to rip out my Samba underpinnings. The fact is, I don't know the best way to accomplish this.

I know the one way that this will work is to bring up an AD domain beside the Samba domain and move things around by hand - but that is going to cause an unbelievable nightmare with user profiles, and machine accounts, and all the other crap that goes along with being part of a domain.

So my question is this: Can I bring up a Windows 2k3 machine as a member server in the Samba domain. Promote it to become an AD Domain Controller in mixed mode - retaining the domain SID, user and machine accounts and such so that I do not have to touch my workstations?

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

Please note my new email address: kcollins@nei-ky.com

Gerald (Jerry) Carter
2006-Jun-13 13:06 UTC
[Samba] Removing Samba+LDAP, replacing W2k3+AD
Collins, Kevin wrote:
> So my question is this: Can I bring up a Windows 2k3
> machine as a member server in the Samba domain. Promote it
> to become an AD Domain Controller in mixed mode - retaining
> the domain SID, user and machine accounts and such so
> that I do not have to touch my workstations?

Nope. Sorry.

cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian

Collins, Kevin wrote:
> Four years ago, I migrated our network from Windows NT based servers to
> Linux, Samba+LDAP based setups. This setup has worked fine. Last year,
> we replaced our Exchange 5.5 server - the last "real" Windows server -
> with Scalix. This last decision has come back to bite me.
>
> Several new "thingys" that the boss wants, among other things, are
> forcing me to implement Exchange 2003. Because I know that Exchange
> 2003 requires AD and my company has three offices separated by a WAN,
> I'm going to be forced to rip out my Samba underpinnings. The fact is,
> I don't know the best way to accomplish this.
>
> I know the one way that this will work is to bring up an AD domain
> beside the Samba domain and move things around by hand - but that is
> going to cause an unbelievable nightmare with user profiles, and machine
> accounts, and all the other crap that goes along with being part of a
> domain.
>
> So my question is this: Can I bring up a Windows 2k3 machine as a
> member server in the Samba domain. Promote it to become an AD Domain
> Controller in mixed mode - retaining the domain SID, user and machine
> accounts and such so that I do not have to touch my workstations?

I'm really curious what features of Exchange 2003 you have to have. We started with Exchange 5.5, migrated to Oracle Collaboration Suite. Threw that out and now use E-Groupware for collaboration with LDAP and Samba for the rest. We also use open source for our phone system so integrating it all together hasn't been bad.

Hate to see someone go the other direction :)

Mark

Hi Collins,

I think you can do this but it would be easier if you try to upgrade a windows server instead of installing a windows server. I will explain:

- samba server is compatible with windows NT 4 domain, so install a windows NT 4 BDC in your samba domain
- with this done, tested and approved
- upgrade this windows NT 4 BDC to windows 2003 domain controller.

I think that if you try to install windows 2003 as a domain controller of your samba's domain you will get problems when w2k3 starts the synchronization process and tries to copy/replicate the domain objects.

Marcos

--- "Collins, Kevin" <kcollins@nei-ky.com> wrote:
> Four years ago, I migrated our network from Windows NT based servers to
> Linux, Samba+LDAP based setups. This setup has worked fine. Last year,
> we replaced our Exchange 5.5 server - the last "real" Windows server -
> with Scalix. This last decision has come back to bite me.
>
> Several new "thingys" that the boss wants, among other things, are
> forcing me to implement Exchange 2003. Because I know that Exchange
> 2003 requires AD and my company has three offices separated by a WAN,
> I'm going to be forced to rip out my Samba underpinnings. The fact is,
> I don't know the best way to accomplish this.
>
> I know the one way that this will work is to bring up an AD domain
> beside the Samba domain and move things around by hand - but that is
> going to cause an unbelievable nightmare with user profiles, and machine
> accounts, and all the other crap that goes along with being part of a
> domain.
>
> So my question is this: Can I bring up a Windows 2k3 machine as a
> member server in the Samba domain. Promote it to become an AD Domain
> Controller in mixed mode - retaining the domain SID, user and machine
> accounts and such so that I do not have to touch my workstations?
>
> --
> Kevin L. Collins, MCSE
> Systems Manager
> Nesbitt Engineering, Inc.
>
> Please note my new email address: kcollins@nei-ky.com

On Tue, 2006-06-13 at 15:24 +0000, marcos rocha wrote:
> Hi Collins,
>
> I think you can do this but it would be easier if you
> try to upgrade a windows server instead of install a
> windows server.
> I will explain:
>
> - samba server is compatible with windows NT 4 domain,
> so install a windows NT 4 BDC in your samba domain

This will not work, samba3 does not support native NT4 replication mechanism unfortunately, so an NT4 BDC will not help you out.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra@samba.org
http://samba.org

Collins, Kevin wrote:
> Four years ago, I migrated our network from Windows NT based servers to
> Linux, Samba+LDAP based setups. This setup has worked fine. Last year,
> we replaced our Exchange 5.5 server - the last "real" Windows server -
> with Scalix. This last decision has come back to bite me.

You may find it is more cost justified to replace Scalix with some other opensource exchange. I can't find my reference links right now, but there have lately been breakthroughs in compatibility from multiple organizations.

Regards,
Doug

> So my question is this: Can I bring up a Windows 2k3
> machine as a member server in the Samba domain. Promote
> it to become an AD Domain Controller in mixed mode -
> retaining the domain SID, user and machine accounts
> and such so that I do not have to touch my workstations

Oh, that sounds like an exercise in banging your head against the wall.

I have done similar migrations. You will want to use Microsoft's Active Directory Migration Tool. You'll also want to investigate the moveuser.exe utility available from Microsoft. Both can be downloaded from Microsoft.com. I've written extensively on the forums how to use these to go from Samba to ADS; search for it. Keywords to look for:

* Active Directory Migration Tool
* ADMT
* Jonathan Johnson (hey! That's me!)
* moveuser or moveuser.exe (may or may not be useful)

The big advantage of ADMT is that it will migrate user permissions and profiles such that the migration is relatively transparent to the users.

Once you've found & read the documentation, feel free to drop me a line if you have any more questions. (If it's obvious to me that you didn't read the docs, I might not respond. :-)

-Jonathan Johnson
jon@sutinen.com