[Samba] Eventually transitioning to Windows Server 2016

Fabian Fritz fabianfuture at web.de
Sat Dec 16 13:09:44 UTC 2017


I am preparing to get our Data Center from a Samba 3.5 NT4 domain to AD.
All users, file ownerships, etc. have to remain of course. I am planning to
use Samba 4.7.x, but I was wondering if it is possible to eventually
transition to Windows Server 2016 as the only DC hosts.

The way I understand it is that this is not possible right now, because
Samba doesn't support that schema version (among other things). Thus I
couldn't join WS 2016 DCs and take out the Samba DC. So unless Samba is
updated, once I have AD with Samba-only DC I can't get to WS 2016 with my
domain, right?

The other way would be to go to WS 2016 straight away. I've heard there's
this ADMT tool that can get you from a NT4-style domain to a modern AD
domain. But assuming I do that and have WS2016 DCs, can Samba 4.7.x at
least join as a member to act as a file server?

Also, a kind of unrelated question: Are the passwords from the NT4 domain
somehow rehashed to whatever AD uses? I've heard NT4 uses DES and that's
considered rather insecure these days, but I can't think of how Samba would
be able to change the hash method without knowing the passwords in plain


More information about the samba mailing list