[Samba] Running an NT4 PDC and an ADC side by side

Marc Muehlfeld samba at marc-muehlfeld.de
Thu Mar 20 13:18:13 MDT 2014

Hello Andreas,

Am 20.03.2014 10:01, schrieb samba.20.andwin at spamgourmet.com:
> I'm planning to migrate an existing Samba 3.4.7 NT4-domain
> (our.site.com) to a Samba 4.1.6 AD-domain (ad.our.site.com) on another
> machine. Our site currently has about 30 clients and 50 user accounts.
> My plan is to setup the ADC on the other machine and to migrate the
> user accounts using the Samba4 classicupgrade tool. I would then newly
> setup groups, permissions, etc. on the new ADC. After an extensive
> test phase I would then join one client machine after the other to the
> new AD-domain.
> My main question before I start is: Is it possible to safely run an
> NT4 PDC for our.site.com and an ADC for ad.our.site.com in parallel on
> the same subnet (both on different machines) or are there problems to
> be expected?

You can do this. But you can't have a trust between. So when users can't 
simply access resources on the other domain. And maybe users won't reach 
servers, if you have different DNS search domains and not all records in 
both DNS zones.

But why you want to have it side by side and not simply migrate? Do you 
have many other tools authenticating against your openLDAP backend or 
storing additional stuff in there other applications use?


More information about the samba mailing list