[Samba] How to migrate a huge AD 2003 domain to samba 4 ?

Javier Barroso javibarroso at gmail.com
Tue Jul 8 02:18:31 MDT 2014


We are thinking about migrate our AD to samba 4.

I found a thread at this list [1] where the steps are:

1. Join samba4 with samba-tool domain join ...
2. ensure that the directory is replicated
3. copy the sysvol share from win2k3 to samba4
4. run samba-tool ntacl sysvolreset on the samba4 box
5.-1000. Test test test
1001. If you are satisfied with how samba4 is working you can launch
dcpromo on win2k3 in order to demote it.

Our problem is that we have many servers in our AD:

$ netdom /query FSMO
Schema owner                server3.domain
Domain role owner          server3.domain
PDC role                         server1.domain
RID pool manager          server1.domain
Infrastructure owner        server1.domain

We have a server2.domain which acts like server 1 backup.

Then we have server4.domain, server5.domain, server6.domain,
server7.domain which acts as GPO / sysvol replicators to other ~ 200
domain controllers. Each one of that 200 domains controlllers (call it
Office Domain Controllers) have attached like 20 - 30 windows clients.

Let call server{1,2,3,4,5,6,7}.domain "cpd Domain Controllers")

Our intention is migrate our  cpd Domain Controllers server group to
samba 4, and remove all 200 domain controller (each windows client /
in the future there will be some linux clients too would login against
samba domain controllers at cpd (we could reuse server{4,5,6,7}.domain
servers to provide login / network storage maps to final clients)

I'm asking for your opinion and the steps that we should follow

Which is the way to go ?

1. Create 7 samba4 servers and replicate each original server. Then
think how could we remove Office Domain Controllers.
2. Reduce the final number of servers assuming various roles in one server
3. First consolidate the environment, remove "Office Controllers" and
move its functions to some new cpd server which . Then migrate to
samba4 like at step 1.
4. Please share your ideas

I hope you can understand our plan (sorry for my english)

Thank you

[1] https://lists.samba.org/archive/samba/2012-November/169932.html

More information about the samba mailing list