[Samba] Migration of samba filers from NT4 into AD server backend

Andi andi.sherratt at ntlworld.com
Sun Jan 13 14:48:33 GMT 2008


I'm looking for a little bit of advice on migrating to an AD backend.

We currently have 2 Domains (from a company merger) - one on NT4 DC, one 
on Samba DC. The 2 domains trust each other.

We need to move to a single domain, and standardise on username format 
etc. The decision has been made to use Win2K3/AD as the backend.

The AD is to be setup from scratch - user, groups, settings etc are not 
being migrated from the old domains. The username format is being 
changed to a completely different scheme than was previously used.

I'm responsible for the Samba side of things, but I am not sure of the 
best way to change the Samba filers from being part of an NT4 domain to 
be part of the AD.

The plan at present, is to use hybrid(mixed?) mode and get the old 
domains to trust the new one (one way trust) and apply additional file 
permissions for the new domain so that it does not matter if a user logs 
in with their old or new account.

Once we are happy that we no longer need the old domains, I am hoping to 
be able to join the samba boxes to the AD (native mode). I am expecting 
to have to modify the file permissions, and plan to dump the ACLs to a 
file, remove references to the old domains, tidy up the file as 
necessary, and then re-apply the ACL's from the file.

We will shortly be setting up a test enviroment to make sure this will 
all work.

Are there likely to be any issues with doing the 'migration' this way?
Is there a better/easier way of doing all this?



More information about the samba mailing list