Hello,
Le 06/06/2024 ? 15:40, Rowland Penny via samba a ?crit?:> On Thu, 6 Jun 2024 13:33:04 +0200
> Havany via samba <samba at lists.samba.org> wrote:
>
>
>> - Classisupgrade is destructive for the NT4 Domain, but we can keep
>> data of the old NT4 Domain and we can rollback to this with ours
>> Ansible playbooks. We will loose all change between migration and
>> rollback and we will improve a possible long downtime.
>>
>> - With "Big Bang" approach we are able to keep our old NT4
Domain if
>> we need to rollback to it. But in this case the problem is the access
>> to the filers. I think that we can't have a file server that allow
>> access at the same time to an NT4 Domain and a Samba 4 AD Domain (I
>> will search information about that). The second problem for this
>> approach is that we need to write a (maybe complex) logon script to
>> be able to keep user local profile when a computer is moved to the
>> new Domain.
>
> There is one big problem with either of those scenarios, once your
> Windows clients see an AD DC, they will never reconnect to your old
> NT4-style PDC.
Yes you're right. A rollback is not as simple in all cases.
>
> It sounds like you are still using the old, deprecated (by Windows)
> roaming profiles, instead of Folder redirection.
No we do not use roaming profile.
I replayed the "classicupgrade" on our test infrastructure. I applied
the domain security configurations, except for the functional level,
which I left at 2008_R2 with schema version 88 (default on 4.19). I also
upgraded our test file server to the Samba4 AD member style. Everything
seems correct.
So, I think I will use the "classicupgrade" method. I will wait a few
days to make sure everything works well before making the final decision
and moving on to the next steps.
Thanks to all,
>
> Rowland
>
>
>