On 08/21/2019 02:21 PM, Rowland penny via samba wrote:
> I'm wondering if there's a better approach to this? I only have
> around 30 accounts. Is there any way that I can just create the same
> domain from scratch with a fresh Samba machine and get rid of the old
> DCs completely? Would all the workstations be able to join the new
> domain even though it would have the same name?
>
> Time for a bit of info here, the thing that really identifies an AD
> domain is the SID, this is in the format
> 'S-1-5-21-1111111111-2222222222-3333333333'. You could have two
> domains with the same name, but with different SIDs (note that I am not
> saying you should do this, there would still be confusion).
>
> What I am trying to say is, you could reuse your existing domain name
> for a new one, but you would need to (ideally) remove your
> workstations from the existing domain, turn off the Windows DC and
> then start the Samba DC. You would then need to join your workstations
> to the new domain. You will also need to create any required users and
> groups in your new domain.

Yes, I don't see this as being too difficult. And I could start out with the most recent supported security level, that's what I really want and need. As well as getting off the Windoze OS and hardware game.

> This is guaranteed to work, the other option of trying to fix your
> existing domain isn't, it probably will, but will take more time and
> effort.

Yes, this seems like a better way to go. So I just need to shut down my Server 2003 DC (and any samba machines) and then just create the new domain. Or should I make sure to exit each workstation from the domain first?

--
Bob Wooldridge
EDM Incorporated

On 21/08/2019 20:30, Robert A Wooldridge via samba wrote:
> On 08/21/2019 02:21 PM, Rowland penny via samba wrote:
>> I'm wondering if there's a better approach to this? I only have
>> around 30 accounts. Is there any way that I can just create the same
>> domain from scratch with a fresh Samba machine and get rid of the old
>> DCs completely? Would all the workstations be able to join the new
>> domain even though it would have the same name?
>>
>> Time for a bit of info here, the thing that really identifies an AD
>> domain is the SID, this is in the format
>> 'S-1-5-21-1111111111-2222222222-3333333333'. You could have two
>> domains with the same name, but with different SIDs (note that I am not
>> saying you should do this, there would still be confusion).
>>
>> What I am trying to say is, you could reuse your existing domain name
>> for a new one, but you would need to (ideally) remove your
>> workstations from the existing domain, turn off the Windows DC and
>> then start the Samba DC. You would then need to join your
>> workstations to the new domain. You will also need to create any
>> required users and groups in your new domain.
> Yes, I don't see this as being too difficult. And I could start out
> with the most recent supported security level, that's what I really
> want and need. As well as getting off the Windoze OS and hardware game.
>>
>> This is guaranteed to work, the other option of trying to fix your
>> existing domain isn't, it probably will, but will take more time and
>> effort.
> Yes, this seems like a better way to go. So I just need to shut down
> my Server 2003 DC (and any samba machines) and then just create the
> new domain. Or should I make sure to exit each workstation from the
> domain first?

If your workstations don't leave the old domain, you may have a problem getting them to join the new domain, so it will probably be better to remove all the workstations from the old domain first.

You should be able to set up your new DCs away from the existing domain and then do the change over.

Rowland

On 08/21/2019 02:44 PM, Rowland penny via samba wrote:
> If your workstations don't leave the old domain, you may have a
> problem getting them to join the new domain, so it will probably be
> better to remove all the workstations from the old domain first.
>
> You should be able to set up your new DCs away from the existing domain
> and then do the change over.

Yes, this makes much more sense to me. I'm going to try it. Many thanks!

--
Bob Wooldridge
EDM Incorporated
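
Added example, not part of the original thread or of Samba's code: a short Python sketch of the point made above that the SID, not the name, identifies an AD domain. It splits account SIDs into domain part and RID and lists which accounts were issued by which domain. The new-domain SID, the account list and all function names are constructed for illustration.

```python
import struct

# Constructed sample values: OLD is the format example from the thread,
# NEW is a made-up SID for a freshly provisioned domain with the same name.
OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
NEW_DOMAIN = "S-1-5-21-1234567890-2345678901-3456789012"
ACCOUNTS = [  # (name, SID) pairs, constructed for illustration
    ("WS01$", OLD_DOMAIN + "-1105"),
    ("WS02$", NEW_DOMAIN + "-1103"),
    ("Administrator", OLD_DOMAIN + "-500"),
    ("Everyone", "S-1-1-0"),
]

def parse_sid(sid):
    """Return (authority, [sub-authorities]) or raise ValueError."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S" or parts[1] != "1":
        raise ValueError("not a revision-1 SID: %r" % sid)
    authority, subs = int(parts[2]), [int(p) for p in parts[3:]]
    if authority >= 1 << 48 or len(subs) > 15 or any(s > 0xFFFFFFFF for s in subs):
        raise ValueError("field out of range: %r" % sid)
    return authority, subs

def domain_sid(sid):
    """Domain part (S-1-5-21-x-y-z) of a domain or account SID, else None."""
    authority, subs = parse_sid(sid)
    if authority != 5 or len(subs) not in (4, 5) or subs[0] != 21:
        return None  # well-known or builtin SID, not tied to one domain
    return "S-1-5-21-" + "-".join(str(s) for s in subs[1:4])

def to_binary(sid):
    """Pack into the binary layout used for the objectSid attribute."""
    authority, subs = parse_sid(sid)
    header = struct.pack("BB", 1, len(subs)) + authority.to_bytes(6, "big")
    return header + b"".join(struct.pack("<I", s) for s in subs)

def accounts_in_domain(accounts, dom):
    """Names of accounts whose SID was issued by the domain `dom`."""
    target = domain_sid(dom)
    if target is None:
        raise ValueError("not a domain SID: %r" % dom)
    return [name for name, sid in accounts if domain_sid(sid) == target]

if __name__ == "__main__":
    print("old domain:", accounts_in_domain(ACCOUNTS, OLD_DOMAIN))
    print("new domain:", accounts_in_domain(ACCOUNTS, NEW_DOMAIN))
    print("binary length:", len(to_binary(OLD_DOMAIN)))
```

Accounts that still carry the old domain part after the changeover are the ones that were never removed from the old domain.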