[Samba] Moving a PDC

Dominik Rau dominik_rau at gmx.de
Tue Nov 24 15:25:17 MST 2009

Hi list.

We're running a Debian Etch Server with Samba 3.0.24 as primary domain 
controller for an XP-dominated network. For various reasons, we're 
migrating our server to a new machine running on Centos 5.4 (and Samba 
3.0.33). Additionally, I decided to get rid of our messy LDAP setup, as 
it is quite a pain to use and IMHO overkill for our small software shop 
(~15 machines / users), so I've set up the new system to work with 
tdbsam instead.

So basically, we currently got two fully working domain controllers in 
our network, one serving RVNET (old) and the other RVNET2 (new), RVNET 
with an ldap backend and users A, B, C... and the new RVNET2 with equally 
named "plain" Linux/samba users A, B, C. Adding new users to the 
new domain works fine, adding new machines and storing profiles too.

Now the question is: How do I move the profiles from the old machine to 
the new one correctly? And how can I convince Windows XP to ignore the 
fact that user RVNET\A is now user RVNET2\A? My naive approach would be...

* Make sure all users store their profiles on the server and log off.
* Copy the contents of /samba/profiles from old to new machine and 
adjust user rights properly to local system users.
* Get in front of every machine, login as local administrator, move the 
old Documents and Settings\A directory out of the way (not deleting, 
just to be sure)
* Leave the old and join the new domain, reboot.
* Logon as RVNET2\A, fetching my "old" profile from the server and go on 
doing my work as in the old domain.

The fact that I might have to reset rights on the new machine (e.g. User 
RVNET2\A might have administrator rights on a particular machine) and 
that my users must play with their home directories is not a big issue 
in our small environment and acceptable. The big advantage in my opinion 
would be that I can move one machine/user after another and it involves 
only tools that I know.

However, I googled quite a lot the last few days and found many posts 
etc. about wrong SIDs in the registry, NTUSER.dat, getting in and out a 
domain, various Windows tools for related tasks, but either it didn't 
match my situation or the tools didn't work on my system, too expensive, 
overkill etc. ...

So, the bottom line of all this: Does my approach work? Is it ok to do 
what I just described (considering the fact that I accept to do some 
administrative work on every machine)? If not, what else to consider / 

Thanks a lot for your time,

