[Samba] NT4 Migration Question

John H Terpstra jht at samba.org
Fri Mar 5 18:14:15 GMT 2004 

On Fri, 5 Mar 2004, L. Mark Stone wrote:

> A client has an existing NT4 domain with several NT4 servers. Two of the
> NT4 Servers function as a PDC and a BDC.
>
> We are installing Samba-3 on SuSE 9.0 Pro as a PDC with an LDAP backend,
> and decommissioning the NT4 PDC at the same time. So far, so good. We
> can also rebuild the old PDC hardware as a Samba-3 on SuSE 9.0 Pro BDC.
>
> Unfortunately however, the NT4 BDC cannot be removed from the network
> for another six months, as it hosts a vertical application key to the
> business and used every day by some 100 users at the client.  In
> addition, the configuration of this BDC is quite complex; reinstalling
> the OS and the vertical application would be a challenge and, given the
> various customizations to the vertical application, not likely to
> succeed.
>
> Two questions then:
>
> 1. What are the implications of leaving this existing NT4 BDC in place
> with a new Linux-Samba-3 PDC (and possibly a new Linux-Samba BDC)?

The NT BDC will soon fall out of date with your Samba PDC (assuming you
migrated the NT4 PDC to Samba-3).

Samba-3 does not support the NT4 domain SAM replication protocols. You
will soon have a broken network - unless you can deomte the NT4 BDC to a
Stand-Alone server (which will stop it from performing domain control
functions such as network logon handling and SAM replication).

> 2. Has anyone used UPromote, which claims to do be able to demote an NT4
> BDC to a member server without reinstalling the OS? (See
> http://utools.com/UPromote.asp for more info.)

That's a neat tool. It looks like it will permit you to demote the BDC to
a Stand-Alone server, but be careful! You may find that the vertical
application requires support for certain protocols that may not be
supported by a Samba domain controller.

You could test this by using Norton Ghost to clone the BDC, then demote
the BDC using the UPromote tool, then test the application in a Samba
domain. At least this will provide a conclusive answer.

- John T.
-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list