Il 27/08/2023 14:01, Trenta sis via samba ha scritto:> Hi, > > I need to evaluate a migration of two samba DC to a native AD > controller, reading wiki, appear that can join to windows 2008, but I > can't find a full complete migration steps, anybody has experience > about this migration from samba 4.4.5 to AD DC? > What are the key on this migration? > > Thanks! >Hi, I did some tests in latest years to migrate domains with samba AD domain controllers to windows AD domain controller. Near all tests was adding windows 2008R2 before but all failed, tried to follow some different howtos (major part is near the same) but windows always fails to complete the first synchronization and even if I enabled and synced SYSVOL manually the issue on windows persist and also trying to force remove of samba DC and add other windows DC I've never been able to get a consistent one (of windows DC). small note, before there is to create two attributes msDS-SDReferenceDomain in the "cn=configuration" (not all howto tell them), in this for example that is also a script to do easy (is possible to do also manually with "ADSI edit" from windows tools like what I did): https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html now that next samba version (4.19) add more functionality about domain feature level I also tried to increase it for try adding directly windows 2012r2 and windows 2019 servers, but I had 2 errors for now, one reported and fixed and one report just now (however this is quite normal with new version still in "rc" and a newly added feature, FL 2016 is also partial). I think issues samba side can be solved,it's just a matter of time, what which unfortunately are more difficult are the windows ones. Has anyone had success migrating from samba to windows and know how to troubleshoot the windows DCs issue? I have not been able to find a solution from online research and I have tried in many ways, now I just have to try with higher domain feature level on more recent windows servers thanks for any reply and sorry for my bad english -- Questa email ? stata esaminata alla ricerca di virus dal software antivirus Avast. www.avast.com
Hi, I've managed to successfully migrate a samba-AD to a windows-AD ... in a test environment not yet in production. I suggest you to start reading this: https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_migration_to_ms_domain.html My samba version is 4.15.13 The steps I've followed are: - prepare samba - add win2008 to the domain - copy sysvol - demote samba DC (the one without FSMO roles) - transfer FSMO roles from samba to win2008 - demote the other samba DC - add win2016 to the domain - copy sysvol - transfer the FSMO roles - demote win2008 - add win2022 Regards On Mon, Aug 28, 2023 at 1:39?PM Fabio Fantoni via samba < samba at lists.samba.org> wrote:> Il 27/08/2023 14:01, Trenta sis via samba ha scritto: > > Hi, > > > > I need to evaluate a migration of two samba DC to a native AD > > controller, reading wiki, appear that can join to windows 2008, but I > > can't find a full complete migration steps, anybody has experience > > about this migration from samba 4.4.5 to AD DC? > > What are the key on this migration? > > > > Thanks! > > > Hi, I did some tests in latest years to migrate domains with samba AD > domain controllers to windows AD domain controller. > > Near all tests was adding windows 2008R2 before but all failed, tried to > follow some different howtos (major part is near the same) but windows > always fails to complete the first synchronization and even if I enabled > and synced SYSVOL manually the issue on windows persist and also trying > to force remove of samba DC and add other windows DC I've never been > able to get a consistent one (of windows DC). > > small note, before there is to create two attributes > msDS-SDReferenceDomain in the "cn=configuration" (not all howto tell > them), in this for example that is also a script to do easy (is possible > to do also manually with "ADSI edit" from windows tools like what I did): > > > https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html > > now that next samba version (4.19) add more functionality about domain > feature level I also tried to increase it for try adding directly > windows 2012r2 and windows 2019 servers, but I had 2 errors for now, one > reported and fixed and one report just now (however this is quite normal > with new version still in "rc" and a newly added feature, FL 2016 is > also partial). I think issues samba side can be solved,it's just a > matter of time, what which unfortunately are more difficult are the > windows ones. > > Has anyone had success migrating from samba to windows and know how to > troubleshoot the windows DCs issue? I have not been able to find a > solution from online research and I have tried in many ways, now I just > have to try with higher domain feature level on more recent windows servers > > thanks for any reply and sorry for my bad english > > > -- > Questa email ? stata esaminata alla ricerca di virus dal software > antivirus Avast. > www.avast.com > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Thanks on wiki appears https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD I understand that this can be used to migrate fist 2008r2 and the to newer versions windows? Any special requirement for initial join between 2008r2 and samba (specific min version required to allow this join?) Anybody has migrated with a successful result? Thanks Missatge de Fabio Fantoni <fabio.fantoni at m2r.biz> del dia dl., 28 d?ag. 2023 a les 13:38:> > Il 27/08/2023 14:01, Trenta sis via samba ha scritto: > > Hi, > > > > I need to evaluate a migration of two samba DC to a native AD > > controller, reading wiki, appear that can join to windows 2008, but I > > can't find a full complete migration steps, anybody has experience > > about this migration from samba 4.4.5 to AD DC? > > What are the key on this migration? > > > > Thanks! > > > Hi, I did some tests in latest years to migrate domains with samba AD > domain controllers to windows AD domain controller. > > Near all tests was adding windows 2008R2 before but all failed, tried to > follow some different howtos (major part is near the same) but windows > always fails to complete the first synchronization and even if I enabled > and synced SYSVOL manually the issue on windows persist and also trying > to force remove of samba DC and add other windows DC I've never been > able to get a consistent one (of windows DC). > > small note, before there is to create two attributes > msDS-SDReferenceDomain in the "cn=configuration" (not all howto tell > them), in this for example that is also a script to do easy (is possible > to do also manually with "ADSI edit" from windows tools like what I did): > > https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html > > now that next samba version (4.19) add more functionality about domain > feature level I also tried to increase it for try adding directly > windows 2012r2 and windows 2019 servers, but I had 2 errors for now, one > reported and fixed and one report just now (however this is quite normal > with new version still in "rc" and a newly added feature, FL 2016 is > also partial). I think issues samba side can be solved,it's just a > matter of time, what which unfortunately are more difficult are the > windows ones. > > Has anyone had success migrating from samba to windows and know how to > troubleshoot the windows DCs issue? I have not been able to find a > solution from online research and I have tried in many ways, now I just > have to try with higher domain feature level on more recent windows servers > > thanks for any reply and sorry for my bad english > > > -- > Questa email ? stata esaminata alla ricerca di virus dal software antivirus Avast. > www.avast.com
Il 28/08/2023 13:38, Fabio Fantoni ha scritto:> Hi, I did some tests in latest years to migrate domains with samba AD > domain controllers to windows AD domain controller. > > Near all tests was adding windows 2008R2 before but all failed, tried > to follow some different howtos (major part is near the same) but > windows always fails to complete the first synchronization and even if > I enabled and synced SYSVOL manually the issue on windows persist and > also trying to force remove of samba DC and add other windows DC I've > never been able to get a consistent one (of windows DC). > > small note, before there is to create two attributes > msDS-SDReferenceDomain in the "cn=configuration" (not all howto tell > them), in this for example that is also a script to do easy (is > possible to do also manually with "ADSI edit" from windows tools like > what I did): > > https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html > > > now that next samba version (4.19) add more functionality about domain > feature level I also tried to increase it for try adding directly > windows 2012r2 and windows 2019 servers, but I had 2 errors for now, > one reported and fixed and one report just now (however this is quite > normal with new version still in "rc" and a newly added feature, FL > 2016 is also partial). I think issues samba side can be solved,it's > just a matter of time, what which unfortunately are more difficult are > the windows ones. > > Has anyone had success migrating from samba to windows and know how to > troubleshoot the windows DCs issue? I have not been able to find a > solution from online research and I have tried in many ways, now I > just have to try with higher domain feature level on more recent > windows servers > > thanks for any reply and sorry for my bad english >hi, some updates: with samba 4.19 I increased FL successfull to 2012r2 and after added windows 2019 standard domain controller basically it works, dfs-r gives an error but seems it's normal (as not implemented in samba) and I added the automatic synchronization sysvol from dc samba every 10 min dns have errors event 4013 and 4014, I tried to solve them but I didn't succeed, anyway the DNS server seems to work, it also synchronizes from record changes on DC Samba (after a certain amount of time) in practice better than previous attempts with windows 2008r2 and 2012r2 but I can't get a fully functional windows dc without errors yesterday I tried to migrate roles from samba dc to the new dc windows 2019 (before I did a backup of DCs), demoted samba and added another windows 2019 domain controller unfortunately even in the second one it continues to give dns errors and give also other active directory and additional operation errors and I was unable to resolve it despite several searches and tests so I restored the backup I removed the DNS records of the Samba DC manually after the demote (since it hadn't removed them) and it hadn't added the DNS records of the second Windows DC either after the addition (added with ipconfig /registerdns) I also tried to reset/fix dfsr (after samba dc demote) but failed I tried to look for scripts and tools that check the DNS servers and their records in depth but I found only common and superficial checks, read of event checks, scripts that fail because they are based on language output (and my windows servers are not in English). regarding existing records I was able to achieve more with manual checking and editing. Is normal that on demote don't remove dns entries of the samba dc removed and should be done manually? The dns event errors should they not exist or be able to resolve in a normal situation? (this to people that added windows domain controllers to samba-only AD successfully and fully working) out of curiosity, is there any news for dfs-r? I last saw this updated 3 years ago: https://github.com/scabrero/samba/tree/dfs-r -- Questa email ? stata esaminata alla ricerca di virus dal software antivirus Avast. www.avast.com