Hi, I want to migrate a Windows Small Business Server 2011 domain controller to Samba 4. The SBS2011 has about 40 users and 100 client computers. Also about 50 GPOs are in use. Furthermore there is Exchange running on the SBS and it has to stay there for the next couple of month (it will be replaced by a new mail system later). So far I think I can either try to migrate or start from scratch. I guess migration can be done like this (and probably much more steps): * install Samba * join Samba to the SBS domain * sync SYSVOL folder from SBS to Samba * move FSMO roles from SBS to Samba (is this even possible with SBS?) * actually then shutdown SBS, but wait... It needs to keep running for Exchange Or should I start from scratch like this: * keep the SBS running with old domain (mydomain.local) * keep Exchange on the SBS. Should still be possible to connect with Outlook. * install Samba * set up a new domain: mydomain.com * create all users with new passwords by a script on Samba server * connect all computers to the new domain (do I have to do this manually or is there a better way?) * move the GPOs to new DC (how?) There are probably 1000 things more that I also should think about... Thank you, Thor
L.P.H. van Belle
2019-Dec-18 16:08 UTC
[Samba] Migrate DC from Small Business Server 2011 to Samba 4
Hai, Your first option should be fine BUT.. I suggest setup new, why? No leftovers from older setup, so less problems. And that .local domain is gone then then your able to setup better. Gives the advantage to keep the old server as is and use domain trust. That give you more time and room to setup new. Just my idea.. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Thor > via samba > Verzonden: woensdag 18 december 2019 16:42 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Migrate DC from Small Business Server 2011 > to Samba 4 > > Hi, > > I want to migrate a Windows Small Business Server 2011 domain > controller > to Samba 4. The SBS2011 has about 40 users and 100 client computers. > Also about 50 GPOs are in use. Furthermore there is Exchange > running on > the SBS and it has to stay there for the next couple of month > (it will > be replaced by a new mail system later). > > So far I think I can either try to migrate or start from scratch. > > I guess migration can be done like this (and probably much > more steps): > * install Samba > * join Samba to the SBS domain > * sync SYSVOL folder from SBS to Samba > * move FSMO roles from SBS to Samba (is this even possible with SBS?) > * actually then shutdown SBS, but wait... It needs to keep > running for Exchange > > Or should I start from scratch like this: > * keep the SBS running with old domain (mydomain.local) > * keep Exchange on the SBS. Should still be possible to connect with > Outlook. > * install Samba > * set up a new domain: mydomain.com > * create all users with new passwords by a script on Samba server > * connect all computers to the new domain (do I have to do > this manually > or is there a better way?) > * move the GPOs to new DC (how?) > > There are probably 1000 things more that I also should think about... > > Thank you, > Thor > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Rowland penny
2019-Dec-18 16:18 UTC
[Samba] Migrate DC from Small Business Server 2011 to Samba 4
On 18/12/2019 15:41, Thor via samba wrote:> Hi, > > I want to migrate a Windows Small Business Server 2011 domain > controller to Samba 4. The SBS2011 has about 40 users and 100 client > computers. Also about 50 GPOs are in use. Furthermore there is > Exchange running on the SBS and it has to stay there for the next > couple of month (it will be replaced by a new mail system later).That makes your decision making a lot easier, you cannot extended the Samba schema with the exchange schema (as far as I am aware) and even if you could, you would be lumbered with it for ever.> > So far I think I can either try to migrate or start from scratch. > > I guess migration can be done like this (and probably much more steps): > * install Samba > * join Samba to the SBS domain > * sync SYSVOL folder from SBS to Samba > * move FSMO roles from SBS to Samba (is this even possible with SBS?) > * actually then shutdown SBS, but wait... It needs to keep running for > Exchange > > Or should I start from scratch like this: > * keep the SBS running with old domain (mydomain.local) > * keep Exchange on the SBS. Should still be possible to connect with > Outlook. > * install Samba > * set up a new domain: mydomain.com > * create all users with new passwords by a script on Samba server > * connect all computers to the new domain (do I have to do this > manually or is there a better way?) > * move the GPOs to new DC (how?)I would start with a new domain. Your computers will need to leave the old domain and then join the new one, this will probably have to be done manually (just a question here, how does a user use 2.5 computers at once ?). I think you will have to recreate the GPOs in the new domain, they are stored in SYSVOL and AD.> > There are probably 1000 things more that I also should think about...No, more like a million ;-) Rowland
Amélie Le Jeune
2019-Dec-19 08:12 UTC
[Samba] Migrate DC from Small Business Server 2011 to Samba 4
Hello Thor,>From our experience with one client whom had the same situation as you, we first migrated exchange to another mail system then we migrated the AD part.The SBS version we had to migration only allowed a secondary DC for a fixed period of time . The Exchange mail extensions were properly handled by Samba, even if they weren't used anymore. I don't remember the exact version of SBS it was though. By the way, a domain migration could still be a good idea since you domain ends with a . local suffix. A .lan or ad.yourpublicdomain.fr would be much better. However you'll have to join computers but if you create a new domain with the same SID from you old domain, you won't have to migrate user's profiles or shares. But in this case you can keep the exchange and the new domain side by side and so migrate the domain first . Have a good day , Am?lie Am?lie LE JEUNE, Technicienne syst?mes et r?seaux Tranquil IT 12 avenue Jules Verne (B?t. A) 44230 Saint S?bastien sur Loire (FRANCE) tel: +33 (0) 240 975 755 Retrouvez-nous sur les r?seaux : [ https://twitter.com/TRANQUIL_IT ] [ https://www.linkedin.com/company/3108003/ ] [ https://www.youtube.com/channel/UCl45FZItnoOlXsaWUa3UrTw ] [ https://www.tranquil.it/qui-sommes-nous/nous-rejoindre/ ]> De: "samba" <samba at lists.samba.org> > ?: "samba" <samba at lists.samba.org> > Envoy?: Mercredi 18 D?cembre 2019 16:41:37 > Objet: [Samba] Migrate DC from Small Business Server 2011 to Samba 4> Hi,> I want to migrate a Windows Small Business Server 2011 domain controller > to Samba 4. The SBS2011 has about 40 users and 100 client computers. > Also about 50 GPOs are in use. Furthermore there is Exchange running on > the SBS and it has to stay there for the next couple of month (it will > be replaced by a new mail system later).> So far I think I can either try to migrate or start from scratch.> I guess migration can be done like this (and probably much more steps): > * install Samba > * join Samba to the SBS domain > * sync SYSVOL folder from SBS to Samba > * move FSMO roles from SBS to Samba (is this even possible with SBS?) > * actually then shutdown SBS, but wait... It needs to keep running for > Exchange> Or should I start from scratch like this: > * keep the SBS running with old domain (mydomain.local) > * keep Exchange on the SBS. Should still be possible to connect with > Outlook. > * install Samba > * set up a new domain: mydomain.com > * create all users with new passwords by a script on Samba server > * connect all computers to the new domain (do I have to do this manually > or is there a better way?) > * move the GPOs to new DC (how?)> There are probably 1000 things more that I also should think about...> Thank you, > Thor> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Andrew Bartlett
2019-Dec-19 08:29 UTC
[Samba] Migrate DC from Small Business Server 2011 to Samba 4
On Thu, 2019-12-19 at 09:12 +0100, Am?lie Le Jeune via samba wrote:> Hello Thor, > > From our experience with one client whom had the same situation as you, we first migrated exchange to another mail system then we migrated the AD part. > The SBS version we had to migration only allowed a secondary DC for a fixed period of time . > The Exchange mail extensions were properly handled by Samba, even if they weren't used anymore.This is really great to hear. As you know from our work together we put a fair bit of effort into making Samba cope with schema changes in recent versions, I'm glad to hear it is working in the real world. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
L.P.H. van Belle
2019-Dec-19 08:42 UTC
[Samba] Migrate DC from Small Business Server 2011 to Samba 4
Small side note. Read this before you deside the new domainname. : https://tools.ietf.org/html/rfc2606 https://tools.ietf.org/html/rfc6761 https://tools.ietf.org/html/rfc6762#appendix-G < especially https://support.microsoft.com/nl-nl/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx Its worth ready and i suggest make a table of it. If you look up for example all AD-DC rules, you'll end up with something like this. hostname.dom.tld (15char)(.dom.tld 49chars) so, max total 63 length chars for your AD-DC FQDN namings. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Am?lie Le Jeune via samba > Verzonden: donderdag 19 december 2019 9:13 > Aan: Thor > CC: samba > Onderwerp: Re: [Samba] Migrate DC from Small Business Server > 2011 to Samba 4 > > Hello Thor, > > From our experience with one client whom had the same > situation as you, we first migrated exchange to another mail > system then we migrated the AD part. > The SBS version we had to migration only allowed a secondary > DC for a fixed period of time . > The Exchange mail extensions were properly handled by Samba, > even if they weren't used anymore. > I don't remember the exact version of SBS it was though. By > the way, a domain migration could still be a good idea since > you domain ends with a . local suffix. A .lan or > ad.yourpublicdomain.fr would be much better. > However you'll have to join computers but if you create a new > domain with the same SID from you old domain, you won't have > to migrate user's profiles or shares. > But in this case you can keep the exchange and the new domain > side by side and so migrate the domain first . > > Have a good day , > > Am?lie > > Am?lie LE JEUNE, Technicienne syst?mes et r?seaux > Tranquil IT > 12 avenue Jules Verne (B?t. A) > 44230 Saint S?bastien sur Loire (FRANCE) > tel: +33 (0) 240 975 755 > > Retrouvez-nous sur les r?seaux : > [ https://twitter.com/TRANQUIL_IT ] [ > https://www.linkedin.com/company/3108003/ ] [ > https://www.youtube.com/channel/UCl45FZItnoOlXsaWUa3UrTw ] > > [ https://www.tranquil.it/qui-sommes-nous/nous-rejoindre/ ] > > > De: "samba" <samba at lists.samba.org> > > ?: "samba" <samba at lists.samba.org> > > Envoy?: Mercredi 18 D?cembre 2019 16:41:37 > > Objet: [Samba] Migrate DC from Small Business Server 2011 to Samba 4 > > > Hi, > > > I want to migrate a Windows Small Business Server 2011 > domain controller > > to Samba 4. The SBS2011 has about 40 users and 100 client computers. > > Also about 50 GPOs are in use. Furthermore there is > Exchange running on > > the SBS and it has to stay there for the next couple of > month (it will > > be replaced by a new mail system later). > > > So far I think I can either try to migrate or start from scratch. > > > I guess migration can be done like this (and probably much > more steps): > > * install Samba > > * join Samba to the SBS domain > > * sync SYSVOL folder from SBS to Samba > > * move FSMO roles from SBS to Samba (is this even possible > with SBS?) > > * actually then shutdown SBS, but wait... It needs to keep > running for > > Exchange > > > Or should I start from scratch like this: > > * keep the SBS running with old domain (mydomain.local) > > * keep Exchange on the SBS. Should still be possible to connect with > > Outlook. > > * install Samba > > * set up a new domain: mydomain.com > > * create all users with new passwords by a script on Samba server > > * connect all computers to the new domain (do I have to do > this manually > > or is there a better way?) > > * move the GPOs to new DC (how?) > > > There are probably 1000 things more that I also should > think about... > > > Thank you, > > Thor > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Am 18.12.2019 17:18 schrieb Rowland penny via samba:> I would start with a new domain. Your computers will need to leave the > old domain and then join the new one, this will probably have to be > done manuallyMaybe something can be automated with Powershell: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/add-computer> (just a question here, how does a user use 2.5 computers > at once ?).That's because it is a labratory environment with a lot of shared computers.> I think you will have to recreate the GPOs in the new > domain, they are stored in SYSVOL and AD.So it is definitely not enough to just copy SYSVOL over? Cheers, Thor
me at tdiehl.org
2019-Dec-19 14:52 UTC
[Samba] Migrate DC from Small Business Server 2011 to Samba 4
On Thu, 19 Dec 2019, Am?lie Le Jeune via samba wrote:> Hello Thor, > > From our experience with one client whom had the same situation as you, we first migrated exchange to another mail system then we migrated the AD part. > The SBS version we had to migration only allowed a secondary DC for a fixed period of time . > The Exchange mail extensions were properly handled by Samba, even if they weren't used anymore. > I don't remember the exact version of SBS it was though. By the way, a domain migration could still be a good idea since you domain ends with a . local suffix. A .lan or ad.yourpublicdomain.fr would be much better. > However you'll have to join computers but if you create a new domain with the same SID from you old domain, you won't have to migrate user's profiles or shares. > But in this case you can keep the exchange and the new domain side by side and so migrate the domain first .Unfortunately my experience has been the opposite. I am to this day fighting with errors produced when we run samba-tool dbcheck --cross-ncs --fix. other than that everything seems to work as advertised but it was a long road getting there. It might have something to do with starting this journey in the 4.7/4.8 timeframe but I think if I had it to do again I would most likely start a new domain. Regards, -- Tom me at tdiehl.org
> I want to migrate a Windows Small Business Server 2011 domain > controller to Samba 4. The SBS2011 has about 40 users and 100 client > computers. Also about 50 GPOs are in use.OK, I'll try to start from scratch again. Another question: What is the minimum Samba version I should use for a DC?
Rowland penny
2020-Jan-06 20:19 UTC
[Samba] Migrate DC from Small Business Server 2011 to Samba 4
On 06/01/2020 19:08, Thor via samba wrote:>> I want to migrate a Windows Small Business Server 2011 domain >> controller to Samba 4. The SBS2011 has about 40 users and 100 client >> computers. Also about 50 GPOs are in use. > > OK, I'll try to start from scratch again. > > Another question: What is the minimum Samba version I should use for a > DC? >The latest you can get ;-) Samba is improving with every version, so using the latest you can get ensures you get the best outcome. Rowland