[Samba] Samba migration to AD

Tue Sep 12 08:47:46 UTC 2023

Hi Andrew,

Thanks PErfect, we have made a lab domain and seem that work with
4.4.x, thanks for your help!!

Missatge de Andrew Bartlett <abartlet at samba.org> del dia dg., 10 de
set. 2023 a les 21:36:
>
> I really don't think anybody can answer your question to the degree of certainty you want, 4.4 is a very old version of Samba now.  There are numerous issues you can face, particularly from Samba 4.4 if you have a domain with a specific object pattern.  (For a customer, I added code to more recent Samba versions to assist in replication from Samba 4.4).
>
> I suggested you first upgrade Samba, because the last time I did such a migration (from an even older version) that is how I did it.
>
> Modern Samba versions let you create a lab domain where you can test your upgrade and migration, otherwise do what trials and testing you can in your own environment.  Nobody is going to, absent a commercial support arrangement, going to promise any specific outcome, we don't know your domain etc.
>
> Andrew Bartlett
>
> On Fri, 2023-09-08 at 08:32 +0200, Trenta sis wrote:
>
> Hi,
>
>
> With 4.4.x I understand that is supported to migrate to a W2008R2 with
>
> wiki articles to join as DC?
>
> Thanks
>
>
> Missatge de Trenta sis <
>
> trenta.sis at gmail.com
>
> > del dia ds., 2 de set.
>
> 2023 a les 9:43:
>
>
> Hi Andrew,
>
>
> Thanks for you information!
>
>
> I understand that Samba 4.4.x that is shcema2008r2, if you make a join
>
> 2008r2 to samba 4.4.x and then transfer rols to 2008R2 (how?) and
>
> finally despromote will migrate Ad object -users, computers-, DNS,
>
> then manually migrate netlogon and gpo manually, will work?
>
>
> And after that with a native 2008R2, usual steps will allow to migrate
>
> to latest AD and schema, as MS describes to migrate 2008 to
>
> 2016/2019/2022
>
>
> Is this correct or any additional steps required?
>
>
> Thanks
>
>
> Missatge de Andrew Bartlett <
>
> abartlet at samba.org
>
> > del dia dj., 31 d’ag.
>
> 2023 a les 23:21:
>
>
> Not really answering your question, but as context:
>
>
> For a period of time, newer windows versions refused to join to Samba,
>
> as they used a WMI method (which we don't support, being DCOM) to work
>
> out what version we were.
>
>
> We told MS, and they fixed that, which was nice of them.
>
>
> Since then, we have also worked around the issue by being able to
>
> increase our functional level preparation (which was part of the
>
> blocker), and indeed now claim (not finished, but claim enough for the
>
> migration) to be FL 2012 and FL 2016.
>
>
> I certainly would first do an in-place or network-join upgrade of Samba
>
> to as new as version as your systems can support.
>
>
> Andrew Bartlett
>
>
> On Thu, 2023-08-31 at 23:13 +0200, Trenta sis via samba wrote:
>
> Thanks on wiki appears
>
> https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD
>
>
>
>  I understand that this can be used to migrate fist 2008r2 and the to
>
> newer versions windows?
>
> Any special requirement for initial join between 2008r2 and samba
>
> (specific min version required to allow this join?)
>
>
> Anybody has migrated with a successful result?
>
>
> Thanks
>
>
> Missatge de Fabio Fantoni <
>
> fabio.fantoni at m2r.biz
>
>
> del dia dl., 28
>
> d’ag. 2023 a les 13:38:
>
> Il 27/08/2023 14:01, Trenta sis via samba ha scritto:
>
> Hi,
>
>
> I need to evaluate a migration of two samba DC to a native AD
>
> controller, reading wiki, appear that can join to windows 2008,
>
> but I
>
> can't find a full complete migration steps, anybody has
>
> experience
>
> about this migration from samba 4.4.5 to AD DC?
>
> What are the key on this migration?
>
>
> Thanks!
>
>
>
> Hi, I did some tests in latest years to migrate domains with samba
>
> AD
>
> domain controllers to windows AD domain controller.
>
>
> Near all tests was adding windows 2008R2 before but all failed,
>
> tried to
>
> follow some different howtos (major part is near the same) but
>
> windows
>
> always fails to complete the first synchronization and even if I
>
> enabled
>
> and synced SYSVOL manually the issue on windows persist and also
>
> trying
>
> to force remove of samba DC and add other windows DC I've never
>
> been
>
> able to get a consistent one (of windows DC).
>
>
> small note, before there is to create two attributes
>
> msDS-SDReferenceDomain in the "cn=configuration" (not all howto
>
> tell
>
> them), in this for example that is also a script to do easy (is
>
> possible
>
> to do also manually with "ADSI edit" from windows tools like what I
>
> did):
>
>
> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html
>
>
>
>
> now that next samba version (4.19) add more functionality about
>
> domain
>
> feature level I also tried to increase it for try adding directly
>
> windows 2012r2 and windows 2019 servers, but I had 2 errors for
>
> now, one
>
> reported and fixed and one report just now (however this is quite
>
> normal
>
> with new version still in "rc" and a newly added feature, FL 2016
>
> is
>
> also partial). I think issues samba side can be solved,it's just a
>
> matter of time, what which unfortunately are more difficult are the
>
> windows ones.
>
>
> Has anyone had success migrating from samba to windows and know how
>
> to
>
> troubleshoot the windows DCs issue? I have not been able to find a
>
> solution from online research and I have tried in many ways, now I
>
> just
>
> have to try with higher domain feature level on more recent windows
>
> servers
>
>
> thanks for any reply and sorry for my bad english
>
>
>
> --
>
> Questa email è stata esaminata alla ricerca di virus dal software
>
> antivirus Avast.
>
> www.avast.com
>
>
>
> --
>
> Andrew Bartlett (he/him)
>
> https://samba.org/~abartlet/
>
>
> Samba Team Member (since 2001)
>
> https://samba.org
>
>
> Samba Team Lead
>
> https://catalyst.net.nz/services/samba
>
>
> Catalyst.Net Ltd
>
>
> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
>
> company
>
>
> Samba Development and Support:
>
> https://catalyst.net.nz/services/samba
>
>
>
> Catalyst IT - Expert Open Source Solutions
>
>
> --
>
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead                https://catalyst.net.nz/services/samba
> Catalyst.Net Ltd
>
> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company
>
> Samba Development and Support: https://catalyst.net.nz/services/samba
>
> Catalyst IT - Expert Open Source Solutions