[Samba] Replace NT4 PDC

Collins, Kevin KCollins at nesbittengineering.com
Wed Jul 16 17:30:51 GMT 2003 

> I have an NT4 PDC that I would like to replace with a Samba server. My
> network also has a box running MS Exchange and Backoffice 
> (not the same box as the PDC).
> 
> What's the general roadmap for doing this? 

Phil:

Funny you should ask.... :-)  I'm two-thirds of the way down this path as I
write this.

What I did was create a new domain and do a cut-over.  I've a get a
semi-complete blog of the server build-up process here:
http://web.qx.net/kcollins I will be adding *much* more information to the
site over the next month as I complete the cut-over and roll out.  I may
even try to put a HOWTO on there showing everything I did - step by step.

I can tell you what I did and if needed, we can talk details later on...

My NT Setup was:
I had three offices each with their own NT4 PDC.  My main office had a PDC,
an Exchange 5.5 box and a print server/BDC.  Each of my remote offices had a
PDC serving their little part of the world.  I had 2 one-way trusts enabled
between each of the offices so everyone could *see* everyone else.

The first thing I did was to build a lab of 4 or 5 machines, played around
with some things and finally settled on building an LDAP enabled PDC here
and placing a "BDC" in each remote office that would be LDAP replicas.  This
is because Samba 2.2.x doesn't support traditional BDCs nor Domain Trusts.
This forced me to re-think and re-design my Domain layout.  All of this
became obvious in the lab, as did most of the roll-out/cut-over procedures.

Because there was so much at stake and I couldn't have the working domain
down, I did a side-by-side buildup of the new PDC on new hardware and did a
cutover of the main office over the 4th of July weekend.  This severed the
trusts and pretty much isolated each of my remote offices.  This past
weekend I rolled out one of the new "BDCs" in a remote office and brought
them back online.  I'm planning on pulling the last office in this coming
weekend.

The tricky-est thing I had to do was "transplant" Exchange.  I did it in a
"non-typical" way that worked, but it's not for the weak-hearted.  If you
want to know, I'll tell you...  If you are fortunate enough to have a
"spare" Exchange box, the process is would be a little more forgiving.

Samba 3.x is supposed to be a must more complete replacement for NT4.  This
would include TRUSTS and PDC/BDCs as well.  If you have the time, I would
probably wait for 3.x to come out.  Circumstances in my situation wouldn't
allow it.

Give yourself plenty of time - this isn't something you cobble together in a
weekend.  I did it (planning/lab/roll-out) in about 2-and-a-half months and
I feel I rushed it.  Make sure your PDC/BDC has plenty of RAM.  I've got no
less than 768M in my machines and I feel pretty comfortable with that.  I've
not had to "hit the swap" once - yet!

Good luck and yell if you need anything.

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

More information about the samba mailing list