On 2020-08-24 02:21, Rowland penny via samba wrote:
> On 24/08/2020 03:59, K. R. Foley via samba wrote:
>> Hi,
>>
>> We have an older Samba3 NT4 domain, which uses a TDB backend. We have
>> a variety of different versions of Windows clients. We need to migrate
>> to a Samba 4 AD domain. I have successfully tested the classic upgrade
>> on a new server in an isolated network, but I had to work through some
>> issues along the way. My understanding is that if the clients
>> communicate with the new AD DC, they will never be able to go back to
>> the NT4 domain. Is this correct? I am concerned about getting into an
>> all or nothing situation with no return path.
>>
>> Is there a way to:
>>
>> 1) convert the data on the new server using the classic upgrade
>>
>> 2) mount the Samba file systems via NFS on the new AD DC so that both
>> servers have access to the file systems
>>
>> 3) enable the new server and keep the existing Samba NT4 PDC active
>> simultaneously
>>
>> 4) migrate the client PCs gradually instead of all at once
>>
>> Any advice is greatly appreciated. Thanks.
>>
> Your problem would be that you would have two domains using the same
> SID, this would confuse the clients and if your clients contact the AD
> DC, they will ignore the PDC.
>
> You could try using different IP ranges for each domain, but even
> then, I think you will have problems unless you can physically
> separate the networks.
>
> If you cannot migrate the clients all at once, then ensure they can
> only see one domain, do not allow them to see the AD domain until they
> are disconnected from the PDC.
>
> Rowland

Thanks for your response and clarification.
Regarding the statement "they will ignore the PDC" above, is there
really no way to undo that?
kr