Jason MacChesney
2013-Aug-12 14:57 UTC
[Samba] Classic Upgrade: Unable to enumerate group memberships
Hello. I'm using Version 4.0.8-SerNet-Ubuntu-5.precise

(Also, a heads up on this release; the folder /var/run/samba must be created upon reboot. When starting Samba I get this error:

ERROR: can't open /var/run/samba/samba.pid: Error was No such file or directory)

So anyway, I'm trying to do a classic upgrade/migration in order to preserve authentication information on a new domain. After rsyncing the required files over and downloading samba4, I execute this command:

samba-tool domain classicupgrade --dbdir=samba --use-xattrs=yes --realm=[domain_name_of_samba3] smb.conf

Reading smb.conf
Provisioning
Exporting account policy
Exporting groups
Ignoring group 'Domain Admins' S-1-5-21-2050790810-484269470-3964389469-1001 listed but then not found: Unable to enumerate group members, (-1073741722,No such group)
Ignoring group 'Students' S-1-5-21-2050790810-484269470-3964389469-1045 listed but then not found: Unable to enumerate group members, (-1073741722,No such group)
Ignoring group 'exams' S-1-5-21-2050790810-484269470-3964389469-1374 listed but then not found: Unable to enumerate group members, (-1073741722,No such group)
Ignoring group 'Teachers' S-1-5-21-2050790810-484269470-3964389469-1046 listed but then not found: Unable to enumerate group members, (-1073741722,No such group)
Exporting users
Ignoring group memberships of 'PORTAGE-E49E7EA$' S-1-5-21-2050790810-484269470-3964389469-1158: Unable to enumerate group memberships, (-1073741724,No such user)
Ignoring group memberships of 'OUTREACH-04$' S-1-5-21-2050790810-484269470-3964389469-1036: Unable to enumerate group memberships, (-1073741724,No such user)
...over and over for each user.

Then the usual provisioning info displays and the AD is up and running, then this message:

DOMAIN SID: S-1-5-21-2050790810-484269470-3964389469
Importing WINS database
ERROR(ldb): uncaught exception - Entry name=OUTREACHLAB-07,type=0x20 already exists
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 860, in upgrade_from_samba3
    import_wins(Ldb(result.paths.winsdb), samba3_winsdb)
  File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 365, in import_wins
    "address": ips})

I've tried migrating the groups before/after/in between, according to this:
https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO#Migrating_Groups

Samba-tool seemed to be inconsistent in this regard, sometimes adding a group without issue, sometimes failing due to a bad dn (possibly, I forget the error.) Regardless, the users would never add to AD. So any direction would be valued at this point. Thanks!

(Here's the smb.conf I'm working with:)

[global]

## Browsing/Identification ###

netbios name = PROTEUS

# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = BSO

# server string is the equivalent of the NT Description field
server string = %h server

# This gets rid of a bunch of stupid error messages in the logs
smb ports = 139

# Act as a time server
time server = yes

wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
; name resolve order = lmhosts host wins bcast

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
; interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
; bind interfaces only = yes

#### Debugging/Accounting ####

log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d

####### Authentication #######

security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
server signing = auto

########## Domains ###########

domain logons = yes
logon path = \\%N\profiles\%U\%a
logon drive = H:
logon home = \\%N\%U
logon script = logon.cmd
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
delete user script = /usr/sbin/deluser --quiet %u
add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
add group script = /usr/sbin/addgroup --force-badname %g
delete group script = /usr/sbin/delgroup %g
add user to group script = /usr/sbin/groupmod -A %u %g
delete user from group script = /usr/sbin/groupmod -D %u %g
set primary group script = /usr/sbin/usermod -g %g %u
client ntlmv2 auth = yes

############ Misc ############

usershare allow guests = yes

#======================= Share Definitions ======================

[homes]
comment = Home Directories
browseable = no
inherit permissions = yes
inherit acls = yes
read only = no
create mask = 0750
directory mask = 0750

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server. Un-comment the following parameter
# to make sure that only "username" can connect to \\server\username
# This might need tweaking when using external authentication schemes
valid users = %S
invalid users =+exams

# Hide desktop.ini files to avoid notepad starting up at login:
hide files = /.*/RECYCLER/desktop.ini/Desktop.ini/Thumbs.db/

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
[netlogon]
comment = Network Logon Service
path = /srv/samba/netlogon
browseable = no
read only = yes
guest ok = yes

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
[profiles]
comment = Users profiles
path = /srv/samba/profiles
browseable = no
guest ok = no
read only = no
create mask = 0600
directory mask = 0700
hide files = /.*/RECYCLER/desktop.ini/Desktop.ini/Thumbs.db/

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

[Vault]
comment = Backed-up user directories
path = /home
browseable = yes
read only = no
valid users = +users
invalid users = +exams
inherit permissions = yes
inherit acls = yes
hide files = /.*/RECYCLER/desktop.ini/Desktop.ini/Thumbs.db/

[Scratch]
comment = Scratch space
path = /scratch
browseable = yes
read only = no
valid users = +users
invalid users = +exams
inherit permissions = yes
inherit acls = yes
hide files = /.*/RECYCLER/desktop.ini/Desktop.ini/Thumbs.db/

[pde]
comment = Space for exam use
path = /home/pde
browseable = yes
read only = no
create mask = 0777
directory mask = 0777
valid users = +teachers +exams
inherit acls = yes
inherit permissions = yes
map acl inherit = yes
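
Added example, not part of the original post: a small Python triage script for the classicupgrade output quoted above. It turns the signed status numbers into the usual hexadecimal NTSTATUS form and counts the skipped groups and accounts by kind. The function names are hypothetical, and treating a trailing "$" as a machine account is the usual Samba/Windows naming convention, assumed here.

```python
import re
from collections import Counter

# Sample lines copied from the samba-tool output quoted in the post.
SAMPLE = """\
Ignoring group 'Domain Admins' S-1-5-21-2050790810-484269470-3964389469-1001 listed but then not found: Unable to enumerate group members, (-1073741722,No such group)
Ignoring group 'Students' S-1-5-21-2050790810-484269470-3964389469-1045 listed but then not found: Unable to enumerate group members, (-1073741722,No such group)
Ignoring group 'exams' S-1-5-21-2050790810-484269470-3964389469-1374 listed but then not found: Unable to enumerate group members, (-1073741722,No such group)
Ignoring group 'Teachers' S-1-5-21-2050790810-484269470-3964389469-1046 listed but then not found: Unable to enumerate group members, (-1073741722,No such group)
Exporting users
Ignoring group memberships of 'PORTAGE-E49E7EA$' S-1-5-21-2050790810-484269470-3964389469-1158: Unable to enumerate group memberships, (-1073741724,No such user)
Ignoring group memberships of 'OUTREACH-04$' S-1-5-21-2050790810-484269470-3964389469-1036: Unable to enumerate group memberships, (-1073741724,No such user)
"""

# Matches both message shapes: "Ignoring group '...'" and "Ignoring group memberships of '...'".
LINE = re.compile(
    r"Ignoring group (?P<memberships>memberships of )?'(?P<name>[^']+)' "
    r"(?P<sid>S-1-[\d-]+).*?\((?P<code>-?\d+),(?P<text>[^)]*)\)"
)

def ntstatus(code):
    """Render the signed 32-bit number from the log as unsigned hex NTSTATUS."""
    return "0x%08X" % (code & 0xFFFFFFFF)

def parse(log):
    """Return one dict per skipped group or account found in the log text."""
    rows = []
    for m in LINE.finditer(log):
        name = m.group("name")
        if m.group("memberships"):
            # Assumption: a trailing "$" marks a machine (or trust) account.
            kind = "machine" if name.endswith("$") else "user"
        else:
            kind = "group"
        rows.append({
            "kind": kind, "name": name,
            "rid": int(m.group("sid").rsplit("-", 1)[1]),  # last SID component
            "status": ntstatus(int(m.group("code"))),
            "text": m.group("text"),
        })
    return rows

def summarize(rows):
    """Count skipped entries per (kind, NTSTATUS, message)."""
    return Counter((r["kind"], r["status"], r["text"]) for r in rows)

if __name__ == "__main__":
    for (kind, status, text), n in sorted(summarize(parse(SAMPLE)).items()):
        print("%-8s %s %-14s x%d" % (kind, status, text, n))
```

To run it against a full upgrade, redirect the samba-tool output to a file and pass its contents to parse() in place of SAMPLE.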