Hi, We have an old domain with a samba-3 PDC and LDAP backend in our HQ and two BDC in our branch offices. Since we don't use the domain in our HQ anymore and one of the branches will be moved to our new domain (2003/2008) I'm thinking about decomissioning the PDC and promote both BDCs as PDC for their branch offices and networks. I would also get rid of LDAP. Changing the backend to tdbsam and converting the data with pdbedit isn't that problem but how to do it all without impact? :) Cheers Matthias -- --- Matthias Grimm Systemadministrator VKF Renzel GmbH, Im Geer 15, D-46419 Isselburg Fon: +49-2874-910-323 mailto:mgr at renzel.it / http://www.vkf-renzel.de Rechtsform: GmbH, Sitz: Isselburg, AG Coesfeld, HRB 8004, Geschaeftsfuehrer: Heinz Renzel, Ansgar Huegging, Joachim Ostendorf Five exclamation marks, the sure sign of an insane mind. (Terry Pratchett) <Aoi-chan> everyone's first vi session. ^C^C^X^X^X^XquitqQ!qdammit[esc]qwertyuiopasdfghjkl;:xwhat
Client machines shouldn't care if if the DC is a PDC or BDC. Are the sites currently linked via VPN? Will they no longer be linked via VPN? Will each site have the same domain name ? If the two sites are linked somehow you want to make sure you use a WINS server on each site to make sure clients do NOT connect to the "wrong" PDC. Also, machines that have authenticated to a DC will need to reboot if that DC is decommisioned. Have you tried a test export of the account database from ldap to tdb yet? I found when I went from TDB to LDAP not all records were exported. I had to use "pdbedit -w" to dump data to a text file and then run some scripts to recreate/ reimport missing records/fields into ldap. I don't know if you can configure a BDC with an LDAP backend so you would be switching the BDC's to TDB and promoting them to PDC's in the same step. You may want to try to break the steps up a little by running LDAP servers on the BDC's so you can promote the BDC's to PDC's on week, then convert them to TDB on another week. I personally like ldap backend a lot better than TDB because I have the option to edit/create records with an ldap editor. THis was useful when I wanted to delete the profile field on some accounts- I don't think there was that option with TDB. On 01/05/2011 07:59 AM, Matthias Grimm wrote:> Hi, > > We have an old domain with a samba-3 PDC and LDAP backend in our HQ > and two BDC in our branch offices. > Since we don't use the domain in our HQ anymore and one of the > branches will be moved to our new domain (2003/2008) I'm thinking > about decomissioning the PDC and promote both BDCs as PDC for their > branch offices and networks. > I would also get rid of LDAP. Changing the backend to tdbsam and > converting the data with pdbedit isn't that problem but how to do it > all without impact? :) > > Cheers > > Matthias >