[Samba] Upgrading from NT to AD

James Chamberlain jamesc at exa.com
Thu Jun 11 17:16:42 GMT 2009

On Jun 10, 2009, at 9:24 PM, Edward Ned Harvey wrote:

>> Could someone point me toward documentation on the impact to Samba of
>> upgrading from an NT domain to Active Directory?  I've found docs on
>> Samba with NT domains and docs on Samba with AD, but not so much on
>> the upgrade process.  I'd like to know exactly what I'm doing  
>> before I
>> do anything that could cut my Windows users off from the file
>> servers.  Whether it's as easy as "do the upgrade and your Samba
>> servers will automatically make the transition", or I have to set up
>> Kerberos and make changes to smb.conf, I want to be sure I know all
>> the steps involved.
> I don't know any such documentation (and good luck to you finding  
> it) - I
> would think maybe you'll find something going from 2003 to 2008 ...  
> but from
> NT to AD ... phew doggy...

It's something that I'm sure enough people have done at this point  
that documentation must exist somewhere.  Even if it's old, it's not  
like NT has changed in years.

> Anyway - I do have some advice for you.  Find some way to attach a  
> new hard
> drive to the windows server.  Boot from something like centos cd1 in  
> rescue
> mode.  Use dd to backup the OS hard drive to a file on the new HD.   
> If the
> OS hard drive is software mirrored, make separate dd's for each of  
> the 2
> hard drives.  That way, you're free to do what you need to do, and you
> always have a safetynet.

Thanks for the advice.  I'm going to be retiring the old NT server  
during this process and replacing it with a new system.  I'm planning  
to use a third system as a swing server to help me get the upgrade  
done.  I'll shut down the PDC, promote the BDC and upgrade it, then  
bring up the new PDC as a BDC (essentially), promote it and shut down  
the swing box.  There shouldn't be any cruft left over from NT on my  
new PDC, and if something goes wrong in the process, I can bring up  
the old PDC and be back up and running quickly.

I'll be doing a dd backup anyway, because it's always better to be  
safe than sorry.

> Assuming you're using Kerberos, my expectation is that you don't  
> need to do
> anything at all on the samba server.  But don't hold me to it.

How about if I'm not currently using Kerberos?



More information about the samba mailing list