We run a samba3 NT domain with quite 300 machine out of our administrative domain (in order to do any operation on them we have to file a request to a different department). We would like to switch to a fully samba4 AD domain with no client machine interaction. We would prefer to test samba4 AD settings in advance. Migrating users is no problem (lsc-project.org works fine). Can migration be done step by step, a few machines at a time, or old domain should be replaced with new in a single step? Currently, DNS service is issued by a dedicated server (different from samba3 PDC). Could the following upgrade path work? 1) create new samba4 AD PDC with internal samba DNS server with same domain name as old PDC. Isn't going the new PDC to be ignored by client which WINS server is old samba3 NT PDC? 2) change primary DNS server on some clients to samba4 AD PDC. Wouldn't these clients automatically join new domain, if trust account is copied from old to new domain (this is yet to be done, but I'm quite confident the samba python classic upgrade migration scripts can be studied to understand how to do this machine per machine)? 3) when we have sampled a few clients and we are happy with the AD settings, DHCP will have clients update their DNS to point new PDC and the PDC swap is done. Is that feasible? Are we going to run in trouble as both PDC have the same SID (and NT domain name as well, of course)? thank you all, Francesco