[Samba] Migrating domain from Samba 3 to Windows 2003

2005-02-12 Thread Jonathan Johnson
At the risk of being called a turncoat and traitor in Sambaland, I ask, 
how do I migrate from a Samba 3 domain to a Windows 2003 Active 
Directory domain?

A customer has determined that they wish to use the groupware features 
of Microsoft Exchange. They already have the licenses they need, so 
there's no point in convincing them that Samba will be cheaper or that 
some Linux-based solution will work. This of course requires Active 
Directory (although I would not be surprised if a subscriber to this 
list proves me wrong), and by extension, migrating their existing Samba 
3 domain.

Of course, it would be easy to just create a new domain. Since this 
customer has only 6 machine accounts and 7-10 user accounts, it's not a 
big deal to recreate them. However, one must remember that creating new 
users in a new domain means that user profiles will be lost since the 
profile (read: NTUSER.DAT) is tied to the SID of the user. New domain = 
new SIDs. It's possible but tedious and risky with unpredictable results 
(due to permissions, again tied to the SID) to migrate user profiles. A 
domain migration would be much smoother, if possible, especially for an 
administrator dealing with hundreds or thousands of user and machine 
accounts.

Here is how I imagine doing it. The customer has two new servers 
(hardware), one of which will be a replacement for the existing Samba 
box (which handles file storage and sharing), the other of which will be 
the Windows 2003 AD server.

I will make a copy of the existing Samba 3 domain to one new box, and 
install Windows 2003 in the other new box. These boxes will be at this 
point disconnected from the production network, leaving it intact and 
unchanged for now. This lets us make mistakes on the new systems without 
affecting their production network.

Configure the Samba server so it looks like an NT 4 server (how?).

Join the Windows 2003 server as a member server to the Samba 3 domain.

Run the Active Directory installation wizard to migrate the domain, 
elevating the Windows 2003 server to an Active Directory server.

Take the Samba 3 server offline, rebuild it, joining it to the new 
W2K3/AD domain as a simple file server.

Any reason this won't work? Your experiences? Your wisdom?

One final question: Can Exchange 2003 be made to authenticate against a 
Samba domain? I would expect not, since a Samba domain is mostly an NT4 
equivalent and Exchange 2003 requires a domain at least at AD2000 
functional level. Maybe AD2003 functional level.

~Jonathan Johnson
Sutinen Consulting, Inc.
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
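
The "new domain = new SIDs" point from the message above, as an added example that is not part of the original post: it decodes the binary SIDs found in a profile's security descriptor and separates the trustees that still resolve after a move to a fresh domain from those bound to the old domain SID. The domain SID and ACL entries are constructed sample values, and the function names are hypothetical.

```python
import struct

# Constructed sample values, not taken from the thread.
OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
PROFILE_ACL = ["S-1-5-18", "S-1-5-32-544", OLD_DOMAIN + "-512", OLD_DOMAIN + "-1005"]

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID, the form stored in security descriptors."""
    if len(raw) < 8 or raw[0] != 1 or raw[1] > 15 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])    # 32-bit each, little-endian
    return "-".join(["S", "1", str(authority), *map(str, subs)])

def sid_to_bytes(sid: str) -> bytes:
    """Encode S-1-<authority>-<sub>... back to its binary form."""
    parts = sid.split("-")
    if parts[:2] != ["S", "1"] or len(parts) < 3:
        raise ValueError("unsupported SID string")
    subs = [int(p) for p in parts[3:]]
    head = bytes([1, len(subs)]) + int(parts[2]).to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

def split_domain_sid(sid: str):
    """Return (domain_sid, rid) for S-1-5-21-a-b-c-rid, else (None, None)."""
    parts = sid.split("-")
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        return "-".join(parts[:7]), int(parts[7])
    return None, None

def classify_aces(ace_sids, old_domain_sid):
    """Split ACL trustees into those that still resolve once the old domain
    is gone and those that are left as unresolvable (orphaned) SIDs."""
    survive, orphaned = [], []
    for sid in ace_sids:
        domain, _rid = split_domain_sid(sid)
        (orphaned if domain == old_domain_sid else survive).append(sid)
    return survive, orphaned

if __name__ == "__main__":
    raw_acl = [sid_to_bytes(s) for s in PROFILE_ACL]   # as found on disk
    keep, lost = classify_aces([sid_from_bytes(b) for b in raw_acl], OLD_DOMAIN)
    print("still resolve:", keep)
    print("orphaned in a new domain:", lost)
```

The well-known SIDs (SYSTEM, BUILTIN\Administrators) are identical in every domain, so only the entries carrying the old domain identifier lose their meaning.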


Re: [Samba] Migrating domain from Samba 3 to Windows 2003

2005-02-12 Thread Greg Folkert
On Sat, 2005-02-12 at 14:40 -0800, Jonathan Johnson wrote:
> At the risk of being called a turncoat and traitor in Sambaland, I ask,
> how do I migrate from a Samba 3 domain to a Windows 2003 Active
> Directory domain?
>
> A customer has determined that they wish to use the groupware features
> of Microsoft Exchange. They already have the licenses they need, so
> there's no point in convincing them that Samba will be cheaper or that
> some Linux-based solution will work. This of course requires Active
> Directory (although I would not be surprised if a subscriber to this
> list proves me wrong), and by extension, migrating their existing Samba
> 3 domain.
>
> Of course, it would be easy to just create a new domain. Since this
> customer has only 6 machine accounts and 7-10 user accounts, it's not a
> big deal to recreate them. However, one must remember that creating new
> users in a new domain means that user profiles will be lost since the
> profile (read: NTUSER.DAT) is tied to the SID of the user. New domain =
> new SIDs. It's possible but tedious and risky with unpredictable results
> (due to permissions, again tied to the SID) to migrate user profiles. A
> domain migration would be much smoother, if possible, especially for an
> administrator dealing with hundreds or thousands of user and machine
> accounts.
>
> Here is how I imagine doing it. The customer has two new servers
> (hardware), one of which will be a replacement for the existing Samba
> box (which handles file storage and sharing), the other of which will be
> the Windows 2003 AD server.
>
> I will make a copy of the existing Samba 3 domain to one new box, and
> install Windows 2003 in the other new box. These boxes will be at this
> point disconnected from the production network, leaving it intact and
> unchanged for now. This lets us make mistakes on the new systems without
> affecting their production network.
>
> Configure the Samba server so it looks like an NT 4 server (how?).
>
> Join the Windows 2003 server as a member server to the Samba 3 domain.
>
> Run the Active Directory installation wizard to migrate the domain,
> elevating the Windows 2003 server to an Active Directory server.
>
> Take the Samba 3 server offline, rebuild it, joining it to the new
> W2K3/AD domain as a simple file server.
>
> Any reason this won't work? Your experiences? Your wisdom?
>
> One final question: Can Exchange 2003 be made to authenticate against a
> Samba domain? I would expect not, since a Samba domain is mostly an NT4
> equivalent and Exchange 2003 requires a domain at least at AD2000
> functional level. Maybe AD2003 functional level.

Why not just do the easy thing... add 2003 to the samba domain... and
just have local AD and then it'll just work.
-- 
greg, [EMAIL PROTECTED]

The technology that is
Stronger, better, faster:  Linux

