On Sat, 2005-02-12 at 14:40 -0800, Jonathan Johnson wrote: > At the risk of being called a turncoat and traitor in Sambaland, I ask, > "how do I migrate from a Samba 3 domain to a Windows 2003 Active > Directory domain?" > > A customer has determined that they wish to use the groupware features > of Microsoft Exchange. They already have the licenses they need, so > there's no point in convincing them that Samba will be cheaper or that > some Linux-based solution will work. This of course requires Active > Directory (although I would not be surprised if a subscriber to this > list proves me wrong), and by extension, migrating their existing Samba > 3 domain. > > Of course, it would be easy to just create a new domain. Since this > customer has only 6 machine accounts and 7-10 user accounts, it's not a > big deal to recreate them. However, one must remember that creating new > users in a new domain means that user profiles will be "lost" since the > profile (read: NTUSER.DAT) is tied to the SID of the user. New domain = > new SIDs. It's possible but tedious and risky with unpredictable results > (due to permissions, again tied to the SID) to migrate user profiles. A > domain migration would be much smoother, if possible, especially for an > administrator dealing with hundreds or thousands of user and machine > accounts. > > Here is how I imagine doing it. The customer has two new servers > (hardware), one of which will be a replacement for the existing Samba > box (which handles file storage and sharing), the other of which will be > the Windows 2003 AD server. > > I will make a copy of the existing Samba 3 domain to one new box, and > install Windows 2003 in the other new box. These boxes will be at this > point disconnected from the production network, leaving it intact and > unchanged for now. This lets us make mistakes on the new systems without > affecting their production network. > > Configure the Samba server so it looks like an NT 4 server (how?). > > Join the Windows 2003 server as a member server to the Samba 3 domain. > > Run the Active Directory installation wizard to migrate the domain, > elevating the Windows 2003 server to an Active Directory server. > > Take the Samba 3 server offline, rebuild it, joining it to the new > W2K3/AD domain as a simple file server. > > Any reason this won't work? Your experiences? Your wisdom? > > One final question: Can Exchange 2003 be made to authenticate against a > Samba domain? I would expect not, since a Samba domain is mostly an NT4 > equivalent and Exchange 2003 requires a domain at least at AD2000 > functional level. Maybe AD2003 functional level.
Why not just do the easy thing... add 2003 to the samba domain... and just have "local" AD and then it'll "just work". -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba