[Samba] Some hint on migration from a set of NT4 domains to an AD domain...

Marco Gaiarin gaio at sv.lnf.it
Fri Sep 1 15:33:58 UTC 2017

Hello! Denis Cardon via samba
  On that day it was said...

> >Most of my doubt I think came from the fact that 'AD' (generally) is
> >a very complex beast, and if samba in NT4 mode fit very well in a UNIX
> >environment (and mind ;), samba in AD mode forced me to think in some
> >''microsoft way''. And I'm not used to it.
> Active Directory is not a simple beast, but the underlying tech and what it
> provides is not simple either. If you want to properly set up ldap,
> kerberos, dns in a multi-master replication scenario, it is not easy at all,
> and Samba AD makes it really simple IMHO...

Sure. But it is not a simple matter of ''simplicity'': as a sysadmin I'm
aware that, to prevent bad things from happening, I need to understand very
well how things work.

Samba 3 had excellent (and libre, indeed) documentation, and a more
''UNIX'' approach to things, so it was relatively easy to understand how
it worked, also in correlation with ''microsoft stuff''.

But there's no more time for crying... ;-)

> >Initially my plan was to move every domain into its own AD domain, doing
> >after that some sort of ''foresting''.
> domain trust relationship is not yet fully supported, so AD forests are not
> yet for tomorrow.

Ah. Oh. I was not aware of that. Thanks.

> >I'm really thinking of throwing all my 4 domains, simply
> >moving/importing users using sets of non-overlapping UID/GID, and
> >moving users from old domains to OU.
> if you have Windows workstations, the main PITA during migration is the user
> profile migration. If you change the user SID, then the user will get a new
> shiny clean profile after migration.

Ah. Right. I've forgotten about that. Thanks.

But probably this can be done also migrating to Win10, that AFAI've
understood uses another format for profiles (.V4?).

> also their profile. Actually the server side migration part is the fastest
> and easiest (Samba team is really doing a great job!). If you have a large
> number of users, your real pain will be on desktops and with business apps.

I think I'll need to set up some scripts.

Has someone already done this? Or is there a way to ''redirect'' the
classicupgrade script's work to an ldif file, for 'post processing'?!


dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(tax code 00307430132, category ONLUS or HEALTH RESEARCH)
