[Samba] Migrating domain from Samba 3 to Windows 2003

Greg Folkert greg at gregfolkert.net
Sun Feb 13 00:34:55 GMT 2005


On Sat, 2005-02-12 at 14:40 -0800, Jonathan Johnson wrote:
> At the risk of being called a turncoat and traitor in Sambaland, I ask, 
> "how do I migrate from a Samba 3 domain to a Windows 2003 Active 
> Directory domain?"
> 
> A customer has determined that they wish to use the groupware features 
> of Microsoft Exchange. They already have the licenses they need, so 
> there's no point in convincing them that Samba will be cheaper or that 
> some Linux-based solution will work. This of course requires Active 
> Directory (although I would not be surprised if a subscriber to this 
> list proves me wrong), and by extension, migrating their existing Samba 
> 3 domain.
> 
> Of course, it would be easy to just create a new domain. Since this 
> customer has only 6 machine accounts and 7-10 user accounts, it's not a 
> big deal to recreate them. However, one must remember that creating new 
> users in a new domain means that user profiles will be "lost" since the 
> profile (read: NTUSER.DAT) is tied to the SID of the user. New domain = 
> new SIDs. It's possible but tedious and risky with unpredictable results 
> (due to permissions, again tied to the SID) to migrate user profiles. A 
> domain migration would be much smoother, if possible, especially for an 
> administrator dealing with hundreds or thousands of user and machine 
> accounts.
> 
> Here is how I imagine doing it. The customer has two new servers 
> (hardware), one of which will be a replacement for the existing Samba 
> box (which handles file storage and sharing), the other of which will be 
> the Windows 2003 AD server.
> 
> I will make a copy of the existing Samba 3 domain to one new box, and 
> install Windows 2003 in the other new box. These boxes will be at this 
> point disconnected from the production network, leaving it intact and 
> unchanged for now. This lets us make mistakes on the new systems without 
> affecting their production network.
> 
> Configure the Samba server so it looks like an NT 4 server (how?).
> 
> Join the Windows 2003 server as a member server to the Samba 3 domain.
> 
> Run the Active Directory installation wizard to migrate the domain, 
> elevating the Windows 2003 server to an Active Directory server.
> 
> Take the Samba 3 server offline, rebuild it, joining it to the new 
> W2K3/AD domain as a simple file server.
> 
> Any reason this won't work? Your experiences? Your wisdom?
> 
> One final question: Can Exchange 2003 be made to authenticate against a 
> Samba domain? I would expect not, since a Samba domain is mostly an NT4 
> equivalent and Exchange 2003 requires a domain at least at AD2000 
> functional level. Maybe AD2003 functional level.

Why not just do the easy thing... add 2003 to the Samba domain... and
just have "local" AD and then it'll "just work".
-- 
greg, greg at gregfolkert.net

The technology that is
Stronger, better, faster:  Linux

