[Samba] Migration of samba filers from NT4 into AD server backend
andi.sherratt at ntlworld.com
Sun Jan 13 14:48:33 GMT 2008
I'm looking for a little bit of advice on migrating to an AD backend.
We currently have 2 Domains (from a company merger) - one on NT4 DC, one
on Samba DC. The 2 domains trust each other.
We need to move to a single domain, and standardise on username format
etc. The decision has been made to use Win2K3/AD as the backend.
The AD is to be setup from scratch - user, groups, settings etc are not
being migrated from the old domains. The username format is being
changed to a completely different scheme than was previously used.
I'm responsible for the Samba side of things, but I am not sure of the
best way to change the Samba filers from being part of an NT4 domain to
be part of the AD.
The plan at present, is to use hybrid(mixed?) mode and get the old
domains to trust the new one (one way trust) and apply additional file
permissions for the new domain so that it does not matter if a user logs
in with their old or new account.
Once we are happy that we no longer need the old domains, I am hoping to
be able to join the samba boxes to the AD (native mode). I am expecting
to have to modify the file permissions, and plan to dump the ACLs to a
file, remove references to the old domains, tidy up the file as
necessary, and then re-apply the ACL's from the file.
We will shortly be setting up a test enviroment to make sure this will
Are there likely to be any issues with doing the 'migration' this way?
Is there a better/easier way of doing all this?
More information about the samba