[Samba] Upgrading Samba 3 to Samba 4 with Active Directory at many sites

Luke Barone lukebarone at gmail.com
Wed May 25 20:28:54 UTC 2016

First, background information. We are a large (geographically local)
organization with 50 sites, including our HQ. Each site has a Debian Server
running Samba in NT-Domain Controller mode. Each site is independant of the
next, but are all named <SITE>.example.com. The workstations are connected,
and working fine in our sites with the single servers.

We had a recent network upgrade that now has every site with a 10.X.Y.Z
address. X is the site code, so each site is in the same subnet,
and we can see the networks from each site. Now is the time to setup Active
Directory, right?

My goal is to create a forest, starting at the HQ (HQ.example.com) level,
and working down to each site (SITEA.example.com, SITEB.example.com, etc).
Our goal is to upgrade to Active Directory at each location, so as to not
lose any of the user data (username/passwords, group memberships, etc), and
then merge the AD Domains into a hierarchial forest, with each of the techs
responsible for the domain at their sites. We are hoping that it will also
allow us to have a user's primary DC (I know that term isn't use, but let's
say it's the site's main one) down, but still authenticate to another
trusted domain controller.

Will Samba 4 allow us to do this? If so, is it simply a process of 1)
Upgrade role to Active Directory Domain Controller, 2) Use Active Directory
Sites and Services to link each of the 50 domains together? Or is there
more to it that we need to work on first?

More information about the samba mailing list