I can see in the docs that a domain rename is not recommended/supported by Samba for an already provisioned domain. However, what I can't work out is if this is not possible during the classicupgrade step either? Does this make any difference, or would it present the same difficulties as renaming an already provisioned Samba AD? It case what I'm asking is not quite clear - I have a Samba NT style domain - and I would like to change its name when I use classicupgrade to migrate it to an AD style domain. Can this be done?
Hi Sebastian, Am 11.05.2017 um 19:39 schrieb Sebastian Arcus via samba:> I can see in the docs that a domain rename is not recommended/supported > by Samba for an already provisioned domain. However, what I can't work > out is if this is not possible during the classicupgrade step either?Theoretically it should be possible to change the NetBIOS domain name during the migration. In the background, Samba/Windows uses SIDs and not names. Try the following in a test environment: * Set the new NetBIOS domain name in smb.conf ("workgroup" parameter). * Run the migration https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) Verify that the domain members in your test environment, that were part of the domain before you run the migration, still work correctly afterwards. Please let us know if this worked. Regards, Marc
On 12/05/17 09:10, Marc Muehlfeld wrote:> Hi Sebastian, > > Am 11.05.2017 um 19:39 schrieb Sebastian Arcus via samba: >> I can see in the docs that a domain rename is not >> recommended/supported by Samba for an already provisioned domain. >> However, what I can't work out is if this is not possible during the >> classicupgrade step either? > > > Theoretically it should be possible to change the NetBIOS domain name > during the migration. In the background, Samba/Windows uses SIDs and not > names. > > Try the following in a test environment: > * Set the new NetBIOS domain name in smb.conf ("workgroup" parameter). > * Run the migration > > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) > > > Verify that the domain members in your test environment, that were part > of the domain before you run the migration, still work correctly > afterwards. > > Please let us know if this worked.With some delay, I finally got around to trying this. It appears that things have worked out fine, as per your instructions above. The migrated server has been running for 5 days now on a live setup of an AD DC and 10 workstations - and everything appears ok. So I guess the answer is that, indeed, it is possible to change the domain name during the classicupgrade. Thank you for the pointers.
On 12/05/17 09:10, Marc Muehlfeld wrote:> Hi Sebastian, > > Am 11.05.2017 um 19:39 schrieb Sebastian Arcus via samba: >> I can see in the docs that a domain rename is not >> recommended/supported by Samba for an already provisioned domain. >> However, what I can't work out is if this is not possible during the >> classicupgrade step either? > > > Theoretically it should be possible to change the NetBIOS domain name > during the migration. In the background, Samba/Windows uses SIDs and not > names. > > Try the following in a test environment: > * Set the new NetBIOS domain name in smb.conf ("workgroup" parameter). > * Run the migration > > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) > > > Verify that the domain members in your test environment, that were part > of the domain before you run the migration, still work correctly > afterwards. > > Please let us know if this worked.Another update to this. The machines which I've rejoined after the classicupgrade step, by going into Advanced System Settings and just typing the new domain name - which gets accepted without an admin prompt - are not working as they should. What seems to have happened is on them, the mapping between the domain admin group and the local admin group doesn't work. So although I am signed in as a domain admin, I get elevation prompts, and my credentials as domain admin are quietly refused. Either the prompt simply goes away, but the requested action doesn't happen, or I get a "This action requires elevation" dialog. After I fully unjoin and rejoin the machine to the domain - everything works fine. So in conclusion, changing the domain name during the classicupgrade step, although possible. pretty much requires unjoining and rejoining every machine to the domain.