samba - Nov 2025 - Migration strategy

On Thu, 20 Nov 2025 12:19:18 +0100
Anders ?stling via samba <samba at lists.samba.org> wrote:
> I am in the process of setting up a new AD based on only Samba
> servers. The current domain has a number of Samba file servers and 2
> windows dc's that are going to be retired.
Do you have to create a new domain ?
Would it be possible to join a Samba DC and then transfer the FSMO
roles to that and then demote the Windows DCs ?
> 
> The accounts and groups in the new AD will have the same names (but
> new SID's) and be created directly in the new domain. What I need to
> figure out is how I can migrate data on the file servers to the new
> servers without bringing with me the old ACL's. All directories and
> files are owned by specific groups in the current domain.  Therefore I
> need to find a way to copy (rsync,robocopy, tar, ...) the directory
> trees to the new servers.
> 
> What would be the correct way to do this? I.e end up with a directory
> tree where the files have "NEW-AD\Owner-group" instead of
> "S-RANDOM-SID" as owner.
> 
> /Anders
> 
I do not know of any 'magical' way of doing this, you will have to
script around moving the data and then renaming the user & group
ownership.

Rowland

HI Rowland

I would love to keep the domain and just replace the DC's. But, as I
have asked before, adding a Samba DC to the current Windows (2019)
domain does not work for me since there are schema upgrades required,
and I cant upgrade the schema since the Samba has not joined the
domain yet. I think I referred to a chicken and egg dilemma a week
ago. Can you comment on that; how I add a fresh Samba ad-dc
installation to a domain that requires schema/function level 2016?

/Anders

On Thu, Nov 20, 2025 at 12:49?PM Rowland Penny via samba
<samba at lists.samba.org> wrote:
>
> On Thu, 20 Nov 2025 12:19:18 +0100
> Anders ?stling via samba <samba at lists.samba.org> wrote:
>
> > I am in the process of setting up a new AD based on only Samba
> > servers. The current domain has a number of Samba file servers and 2
> > windows dc's that are going to be retired.
>
> Do you have to create a new domain ?
> Would it be possible to join a Samba DC and then transfer the FSMO
> roles to that and then demote the Windows DCs ?
>
> >
> > The accounts and groups in the new AD will have the same names (but
> > new SID's) and be created directly in the new domain. What I need
to
> > figure out is how I can migrate data on the file servers to the new
> > servers without bringing with me the old ACL's. All directories
and
> > files are owned by specific groups in the current domain.  Therefore I
> > need to find a way to copy (rsync,robocopy, tar, ...) the directory
> > trees to the new servers.
> >
> > What would be the correct way to do this? I.e end up with a directory
> > tree where the files have "NEW-AD\Owner-group" instead of
> > "S-RANDOM-SID" as owner.
> >
> > /Anders
> >
>
> I do not know of any 'magical' way of doing this, you will have to
> script around moving the data and then renaming the user & group
> ownership.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


-- 
------ -------------------- 8 ------------------ ------
"A wise man once told me - Any idiot can do backups, but it takes a
genius to successfully restore"

Anders ?stling
+46 768 716 165 (Mobil)