[Samba] Samba migration to AD

Andrew Bartlett abartlet at samba.org
Sun Sep 10 19:36:01 UTC 2023 

I really don't think anybody can answer your question to the degree of
certainty you want, 4.4 is a very old version of Samba now.  There are
numerous issues you can face, particularly from Samba 4.4 if you have a
domain with a specific object pattern.  (For a customer, I added code
to more recent Samba versions to assist in replication from Samba 4.4).
I suggested you first upgrade Samba, because the last time I did such a
migration (from an even older version) that is how I did it.  
Modern Samba versions let you create a lab domain where you can test
your upgrade and migration, otherwise do what trials and testing you
can in your own environment.  Nobody is going to, absent a commercial
support arrangement, going to promise any specific outcome, we don't
know your domain etc.  
Andrew Bartlett
On Fri, 2023-09-08 at 08:32 +0200, Trenta sis wrote:
> Hi,
> With 4.4.x I understand that is supported to migrate to a W2008R2
> withwiki articles to join as DC?Thanks
> Missatge de Trenta sis <trenta.sis at gmail.com> del dia ds., 2 de
> set.2023 a les 9:43:
> > Hi Andrew,
> > Thanks for you information!
> > I understand that Samba 4.4.x that is shcema2008r2, if you make a
> > join2008r2 to samba 4.4.x and then transfer rols to 2008R2 (how?)
> > andfinally despromote will migrate Ad object -users, computers-,
> > DNS,then manually migrate netlogon and gpo manually, will work?
> > And after that with a native 2008R2, usual steps will allow to
> > migrateto latest AD and schema, as MS describes to migrate 2008
> > to2016/2019/2022
> > Is this correct or any additional steps required?
> > Thanks
> > Missatge de Andrew Bartlett <abartlet at samba.org> del dia dj., 31
> > d’ag.2023 a les 23:21:
> > > Not really answering your question, but as context:
> > > For a period of time, newer windows versions refused to join to
> > > Samba,as they used a WMI method (which we don't support, being
> > > DCOM) to workout what version we were.
> > > We told MS, and they fixed that, which was nice of them.
> > > Since then, we have also worked around the issue by being able
> > > toincrease our functional level preparation (which was part of
> > > theblocker), and indeed now claim (not finished, but claim enough
> > > for themigration) to be FL 2012 and FL 2016.
> > > I certainly would first do an in-place or network-join upgrade of
> > > Sambato as new as version as your systems can support.
> > > Andrew Bartlett
> > > On Thu, 2023-08-31 at 23:13 +0200, Trenta sis via samba wrote:
> > > > Thanks on wiki appears
> > > > https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD
> > > > 
> > > >  I understand that this can be used to migrate fist 2008r2 and
> > > > the tonewer versions windows?Any special requirement for
> > > > initial join between 2008r2 and samba(specific min version
> > > > required to allow this join?)
> > > > Anybody has migrated with a successful result?
> > > > Thanks
> > > > Missatge de Fabio Fantoni <fabio.fantoni at m2r.biz
> > > > > del dia dl., 28
> > > > d’ag. 2023 a les 13:38:
> > > > > Il 27/08/2023 14:01, Trenta sis via samba ha scritto:
> > > > > > Hi,
> > > > > > I need to evaluate a migration of two samba DC to a native
> > > > > > ADcontroller, reading wiki, appear that can join to windows
> > > > > > 2008,but Ican't find a full complete migration steps,
> > > > > > anybody hasexperienceabout this migration from samba 4.4.5
> > > > > > to AD DC?What are the key on this migration?
> > > > > > Thanks!
> > > > > 
> > > > > Hi, I did some tests in latest years to migrate domains with
> > > > > sambaADdomain controllers to windows AD domain controller.
> > > > > Near all tests was adding windows 2008R2 before but all
> > > > > failed,tried tofollow some different howtos (major part is
> > > > > near the same) butwindowsalways fails to complete the first
> > > > > synchronization and even if Ienabledand synced SYSVOL
> > > > > manually the issue on windows persist and alsotryingto force
> > > > > remove of samba DC and add other windows DC I've
> > > > > neverbeenable to get a consistent one (of windows DC).
> > > > > small note, before there is to create two attributesmsDS-
> > > > > SDReferenceDomain in the "cn=configuration" (not all
> > > > > howtotellthem), in this for example that is also a script to
> > > > > do easy (ispossibleto do also manually with "ADSI edit" from
> > > > > windows tools like what Idid):
> > > > > https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html
> > > > > 
> > > > > 
> > > > > now that next samba version (4.19) add more functionality
> > > > > aboutdomainfeature level I also tried to increase it for try
> > > > > adding directlywindows 2012r2 and windows 2019 servers, but I
> > > > > had 2 errors fornow, onereported and fixed and one report
> > > > > just now (however this is quitenormalwith new version still
> > > > > in "rc" and a newly added feature, FL 2016isalso partial). I
> > > > > think issues samba side can be solved,it's just amatter of
> > > > > time, what which unfortunately are more difficult are
> > > > > thewindows ones.
> > > > > Has anyone had success migrating from samba to windows and
> > > > > know howtotroubleshoot the windows DCs issue? I have not been
> > > > > able to find asolution from online research and I have tried
> > > > > in many ways, now Ijusthave to try with higher domain feature
> > > > > level on more recent windowsservers
> > > > > thanks for any reply and sorry for my bad english
> > > > > 
> > > > > --Questa email è stata esaminata alla ricerca di virus dal
> > > > > softwareantivirus Avast.www.avast.com
> > > > > 
> > > --Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> > > Samba Team Member (since 2001) https://samba.org
> > > Samba Team Lead                
> > > https://catalyst.net.nz/services/samba
> > > Catalyst.Net Ltd
> > > Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT
> > > groupcompany
> > > Samba Development and Support: 
> > > https://catalyst.net.nz/services/samba
> > > 
> > > Catalyst IT - Expert Open Source Solutions
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead                https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list