[Samba] NT4 Migration Question

L. Mark Stone LMStone at RNoME.com
Fri Mar 5 20:59:54 GMT 2004 

Hi John!

On Fri, 2004-03-05 at 13:14, John H Terpstra wrote:
> On Fri, 5 Mar 2004, L. Mark Stone wrote:
> 
> > A client has an existing NT4 domain with several NT4 servers. Two of the
> > NT4 Servers function as a PDC and a BDC.
> >
> > We are installing Samba-3 on SuSE 9.0 Pro as a PDC with an LDAP backend,
> > and decommissioning the NT4 PDC at the same time. So far, so good. We
> > can also rebuild the old PDC hardware as a Samba-3 on SuSE 9.0 Pro BDC.
> >
> > Unfortunately however, the NT4 BDC cannot be removed from the network
> > for another six months, as it hosts a vertical application key to the
> > business and used every day by some 100 users at the client.  In
> > addition, the configuration of this BDC is quite complex; reinstalling
> > the OS and the vertical application would be a challenge and, given the
> > various customizations to the vertical application, not likely to
> > succeed.
> >
> > Two questions then:
> >
> > 1. What are the implications of leaving this existing NT4 BDC in place
> > with a new Linux-Samba-3 PDC (and possibly a new Linux-Samba BDC)?
> 
> The NT BDC will soon fall out of date with your Samba PDC (assuming you
> migrated the NT4 PDC to Samba-3).
> 
> Samba-3 does not support the NT4 domain SAM replication protocols. You
> will soon have a broken network - unless you can deomte the NT4 BDC to a
> Stand-Alone server (which will stop it from performing domain control
> functions such as network logon handling and SAM replication).

Yup, we know that SAM replication isn't there between NT4 and Samba.

The other option we've uncovered is to dcpromo the NT4 server to a PDC,
migrate the accounts to the Samba server (which will also think its the
PDC), and then shut off LMAnnounce on the NT4 server via a registry
entry. (we would decommission the other NT4 DC.)  We may also try
disabling the NT4's Server service as well.

The critical application relies on Exchange 5.5, which also runs on this
NT4 server.  We have been told that Exchange may fail if it wakes up
after a reboot and finds it is no longer living on a DC. So, turning off
LMAnnounce (we believe) will result in the NT4 box thinking it is still
a PDC, but no clients on the network will ever talk to it, so it will
just be a lonely PDC. And if Exchange needs PDC services, those will
still be available locally. The domain user accounts used by Exchange
are not person-specific, so they will never change and we need not worry
about maintaining perfect correlation between Samba and this NT4 box. We
just need to make sure the NT4 box can't ever perform DC services on the
domain.

> 
> > 2. Has anyone used UPromote, which claims to do be able to demote an NT4
> > BDC to a member server without reinstalling the OS? (See
> > http://utools.com/UPromote.asp for more info.)
> 
> That's a neat tool. It looks like it will permit you to demote the BDC to
> a Stand-Alone server, but be careful! You may find that the vertical
> application requires support for certain protocols that may not be
> supported by a Samba domain controller.

The app's domain needs are limited to moving files around between this
box and three others via mapped drives. The box should still be able to
browse the network, so I think we are probably OK. The trick bits for
the app are the ways it moves and processes files through Exchange.

> 
> You could test this by using Norton Ghost to clone the BDC, then demote
> the BDC using the UPromote tool, then test the application in a Samba
> domain. At least this will provide a conclusive answer.

I too like to have rollback options!  If we did the dcpromo trick above,
and it didn't work, we could always put the other NT4 DC (now the BDC)
back online, run dcpromo again to make the problem NT4 box a BDC, and
try your Ghost/UPromote trick (also reversible).

What do you think of the "isolated PDC" strategy above?

Thanks!
Mark

-- 
______________________________________________________________
L. Mark Stone
President
Reliable Networks of Maine, LLC
477 Congress Street, 5th Floor
Portland, ME 04107

Tel: (207) 772-5678
Cell: (917) 597-2057
Email: LMStone at RNoME.com
Web: http://www.RNoME.com

More information about the samba mailing list