[Samba] Replacing Win2000 DC with Samba4 - Success!

Lukas Gradl samba.org at ssn.at
Wed May 1 08:42:50 MDT 2013


Just wanted to share a little success story:

We where asked to replace a Win2000 DC deployed by another company  
which is'nt existing any more. As our focus is software development on  
linux we wanted to deploy a Samba-server instead of Windows.

So after some trial and error and a lot of reading and asking (many  
thanks to all that tried to help!) in mailing-lists and forums we  
managed to do the migration in several steps:

Samba4 is not able to migrate from Win2000 directly - we think this  
problem is not sufficiently addressed in the docs and in the wiki. So  
our first attempts to do so did not succeed.

Next step was to set up a Win2012R2 Server (the trial version is  
enough, no need to activate) and move over from Win2k to Win2012. How  
to do that is documented in the MS-Docs. Upgrade the Win2k  
ldap-schemes, add win2012 to domain, demote win2k, done.

Then we installed Samba4 and promoted it as an additional DC to the  
domain. This worked quite well, only little problems syncing the  
dns-Server. But I'm not shure if that was a problem with Samba4 but  
with our a little special bind9-setup instead - so no reason to worry  
about this in this mailing list.

After that we discovered that Win2012 can not be easyly removed from  
the domain - there seem to be some (known) Problems regarding demotion  
of Win2012 from a samba-domain. So we had to manually remove the  
win2012-Server from the domain. That was (including some tests) app.  
an hour of work - so no problem.

As an addtional benefit over a direct migration from win2k to samba4  
we could use the same name as the win2k-DC for the samba-server. so no  
need to change scripts using shares with the servername in it or  
desktop-shortcuts on the client machines!

The whole task (without copying the data stored on the fileserver) for  
replacing a single Win2k DC with Samba4 serving 25 Clients needed app.  
10 Hours including a lot of research in the mailing lists and taking  
several snapshots of the (virtualized) Servers involved to prevent  

Thanks to all involved for the perfect work!


More information about the samba mailing list