Hi,

I am about to spend one week of my holidays with transferring our (about 20 clients) NT4 domain to an AD DC one.

We are running a samba NT4 PDC on debian buster which is offering dns (bind9) and dhcp (isc-dhcpd), too.

I have an older server where I can play with an AD DC setup.

If I see I won't make it in a week, I would like to be able to return as smoothly as possible to the present state.

Our current internal domain is:

intra.our.tld

Frankly speaking I am already lost, if I should choose the right AD DC domain:

[ ] addc.intra.our.tld

and use the existing bind as a forwarder for the new bind on the AD DC or better use:

[ ] addc.our.tld

... and one second question (sorry):

What about the dhcpd?

At present we use fixed MAC:IP:Name matches and the DHCP writes corresponding DNS records into bind. I am afraid we can't use such setup anymore, too, can we?

TIA.

--
Best regards
Maik Holtkamp
Kirchstr. 76
D-32278 Kirchlengern/Germany
Tel: +49 5223 879202
Mob.: +49 172 203 5491
e-mail: s-y-l at gmx.net
Privacy Concerns: PGP-ID: 0xB8DC036F
On 30/06/2020 14:41, Maik Holtkamp via samba wrote:
> Hi,
>
> I am about to spend one week of my holidays with transferring our (about
> 20 clients) NT4 domain to an AD DC one.
>
> We are running a samba NT4 PDC on debian buster which is offering dns
> (bind9) and dhcp (isc-dhcpd), too.
>
> I have an older server where I can play with an AD DC setup.
>
> If I see I won't make it in a week, I would like to be able to return as
> smoothly as possible to the present state.
>
> Our current internal domain is:
>
> intra.our.tld
>
> Frankly speaking I am already lost, if I should choose the right AD DC
> domain:
>
> [ ] addc.intra.our.tld
>
> and use the existing bind as a forwarder for the new bind on the AD DC
> or better use:
>
> [ ] addc.our.tld
>
> ... and one second question (sorry):
>
> What about the dhcpd?
>
> At present we use fixed MAC:IP:Name matches and the DHCP writes
> corresponding DNS records into bind. I am afraid we can't use such setup
> anymore, too, can we?

Is 'intra.our.tld' a registered domain?

If you do have a registered domain, I would suggest something like 'anything_you_like.your.registered.domain.tld', do not use your registered domain, use a subdomain of your registered domain.

Depending on how much data you have, it might just be easier and better to start anew, that way you can lose all the bad practices of the past (using the RID for Unix IDs etc).

If you must classicupgrade your old domain, do your practising in a sandbox and read this:

https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

You can use Bind9 and you just need to use forwarders outside your AD domain.

You can also use DHCP as well, this might help you:

https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9

Rowland
Hi Maik,

it can be done in one week ;-) You could migrate your domain and keep all your users. For the migration it doesn't matter if you are using openLDAP or tdb as backend for your domain. If you migrate you will keep your netbios domainname. You can migrate all users and groups having a SID in your old domain. As long as the PDC is NOT a fileserver too, it will work easily.

Greetings

Stefan

On 30.06.20 at 15:41, Maik Holtkamp via samba wrote:
> Hi,
>
> I am about to spend one week of my holidays with transferring our (about
> 20 clients) NT4 domain to an AD DC one.
>
> We are running a samba NT4 PDC on debian buster which is offering dns
> (bind9) and dhcp (isc-dhcpd), too.
>
> I have an older server where I can play with an AD DC setup.
>
> If I see I won't make it in a week, I would like to be able to return as
> smoothly as possible to the present state.
>
> Our current internal domain is:
>
> intra.our.tld
>
> Frankly speaking I am already lost, if I should choose the right AD DC
> domain:
>
> [ ] addc.intra.our.tld
>
> and use the existing bind as a forwarder for the new bind on the AD DC
> or better use:
>
> [ ] addc.our.tld
>
> ... and one second question (sorry):
>
> What about the dhcpd?
>
> At present we use fixed MAC:IP:Name matches and the DHCP writes
> corresponding DNS records into bind. I am afraid we can't use such setup
> anymore, too, can we?
>
> TIA.
>
> --
> Best regards
> Maik Holtkamp
> Kirchstr. 76
> D-32278 Kirchlengern/Germany
> Tel: +49 5223 879202
> Mob.: +49 172 203 5491
> e-mail: s-y-l at gmx.net
> Privacy Concerns: PGP-ID: 0xB8DC036F
>

--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn

Signing every e-mail helps reduce spam and protects your privacy. You can get a free certificate at https://www.dgn.de/dgncert/index.html
Hi,

On 30.06.2020 at 16:14, Rowland penny via samba wrote:
> On 30/06/2020 14:41, Maik Holtkamp via samba wrote:
>> Hi,
>>
>> I am about to spend one week of my holidays with transferring our (about
>> 20 clients) NT4 domain to an AD DC one.
>>
>> We are running a samba NT4 PDC on debian buster which is offering dns
>> (bind9) and dhcp (isc-dhcpd), too.
>>
>> I have an older server where I can play with an AD DC setup.
>>
>> If I see I won't make it in a week, I would like to be able to return as
>> smoothly as possible to the present state.
>>
>> Our current internal domain is:
>>
>> intra.our.tld
>>
>> Frankly speaking I am already lost, if I should choose the right AD DC
>> domain:
>>
>> [ ] addc.intra.our.tld
>>
>> and use the existing bind as a forwarder for the new bind on the AD DC
>> or better use:
>>
>> [ ] addc.our.tld
>>
>> ... and one second question (sorry):
>>
>> What about the dhcpd?
>>
>> At present we use fixed MAC:IP:Name matches and the DHCP writes
>> corresponding DNS records into bind. I am afraid we can't use such setup
>> anymore, too, can we?
>
> Is 'intra.our.tld' a registered domain?

Yeno ;). "our.tld" is registered. Though there isn't an A record for "intra" in public DNS. hosts.intra.our.tld are only resolvable in our LAN.

My concern was if there are good reasons to make the new addc Domain part of this internal local domain, e.g.:

AD DC Domainname: addc.intra.our.tld

The actual AD DC will probably be named something like:

chief.addc.intra.our.tld

or are there any good reasons to make a second parallel to the existing intra domain, like:

addc.our.tld

Any pros or cons?

& Thanks for the links.

--
Best regards
Maik Holtkamp
Kirchstr. 76
D-32278 Kirchlengern/Germany
Tel: +49 5223 879202
Mob.: +49 172 203 5491
e-mail: s-y-l at gmx.net
Privacy Concerns: PGP-ID: 0xB8DC036F