[Samba] Moving a PDC
dominik_rau at gmx.de
Tue Nov 24 15:25:17 MST 2009
We're running a Debian Etch Server with Samba 3.0.24 as primary domain
controller for a XP dominated network. For various reasons, we're
migrating our server to a new machine running on Centos 5.4 (and Samba
3.0.33). Additionally, I decided to get rid of our messy LDAP setup, as
it is quite a pain to use and IMHO overkill for our small software shop
(~15 machines / users), so I've set up the new system to work with
So basically, we've currently got two fully working domain controllers in
our network, one serving RVNET (old) and the other RVNET2 (new), RVNET
with an ldap backend and users A, B, C... and the new RVNET2 with equally
named "plain" Linux/samba users - users A, B, C. Adding new users to the
new domain works fine, adding new machines and storing profiles too.
Now the question is: How do I move the profiles from the old machine to
the new one correctly? And how can I convince Windows XP to ignore the
fact that user RVNET\A is now user RVNET2\A? My naive approach would be...
* Make sure all users store their profiles on the server and log off.
* Copy the contents of /samba/profiles from old to new machine and
adjust user rights properly to local system users.
* Get in front of every machine, log in as local administrator, move the
old Documents and Settings\A directory out of the way (not deleting,
just to be sure)
* Leave the old and join the new domain, reboot.
* Logon as RVNET2\A, fetching my "old" profile from the server and go on
doing my work as in the old domain.
The fact that I might have to reset rights on the new machine (e.g. User
RVNET2\A might have administrator rights on a particular machine) and
that my users must play with their home directories is not a big issue
in our small environment and acceptable. The big advantage in my opinion
would be that I can move one machine/user after another and it involves
only tools that I know.
However, I googled quite a lot the last few days and found many posts
etc. about wrong SIDs in the registry, NTUSER.dat, getting in and out a
domain, various Windows tools for related tasks, but either it didn't
match my situation or the tools didn't work on my system, too expensive,
overkill etc. ...
So, the bottom line of all this: Does my approach work? Is it ok to do
what I just described (considering the fact that I accept to do some
administrative work on every machine)? If not, what else to consider /
Thanks a lot for your time,