[Samba] My terrible fail - started AD together with NT4 domain. Help needed

Michal67M at seznam.cz
Tue Jul 10 13:25:09 UTC 2018

I am in the process of moving from an NT4 domain to an AD domain. And I did exactly 
what should not be done: I ran AD on the production network. Now clients 
(Win7 and Win10) cannot see the old NT4 domain controller. 

What exactly I did:
 - exported the production LDAP data of our domain, called "NIS", and started a 
new LDAP server with that data on a new Linux server, called ad1
 - copied the Samba config and other data from the NT4 Linux controller to /etc/ on ad1
 - I changed the domain name from "NIS" to "UHN" both in smb.conf and in LDAP (I 
believed this would prevent problems with running AD on the same network). I 
did not change the domain SIDs in the LDAP data (I thought changing the domain name
would be enough).
 - I installed Samba 4.8.2 on ad1 (into /usr/local/samba.ad) and ran

 samba-tool domain classicupgrade --dbdir=/etc/samba.PDC/ --realm=ad.nemuh.cz --dns-backend=BIND9_DLZ 

After correcting numerous errors in the LDAP data, this command succeeded.

Then I ran 
 /usr/local/samba.ad/sbin/samba -i -M single -d 3 

From last week until today I repeated the cycle of deleting all the LDAP data, 
removing /usr/local/samba.ad, running the Samba upgrade and starting Samba AD on 
ad1 about 5 times. The Samba AD is stopped now.

Now we cannot add computers to the old domain. And users who had not logged 
into the old domain on a PC before cannot log on to the PC at all.

Is there anything I can do to make the clients able to see the old NT4 domain? 
Some registry change, etc.?

I would really appreciate any help; this was really my big fail :-((  

Thanks, Michal
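The situation described in the post (domain renamed in smb.conf and LDAP, domain SID left unchanged, upgraded DC started on the live network) can be caught before classicupgrade is ever run. The check below is an added example, not code from the post or from the Samba project. It parses a classic-Samba LDIF export and the smb.conf that would be fed to classicupgrade and reports a workgroup that no longer matches the sambaDomain entry, a domain SID identical to the live production domain's (classicupgrade keeps the domain SID, so a DC built from such an export answers for the live domain when both are on one network), and accounts whose SIDs fall outside the exported domain. The example.org DNs, the "NIS"/"UHN" data and every SID in it are constructed; the LDIF parser is deliberately minimal and does not handle base64 (`::`) values.

```python
"""Pre-flight check before samba-tool domain classicupgrade (added example).
All sample data below is constructed; the SIDs and DNs are made up."""

# Constructed: the SID of the live production domain.
PRODUCTION_SID = "S-1-5-21-1111111111-2222222222-3333333333"

# Constructed export of the production domain (domain entry plus one user).
OLD_LDIF = f"""dn: sambaDomainName=NIS,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: NIS
sambaSID: {PRODUCTION_SID}
sambaNextRid: 2000

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice
sambaSID: {PRODUCTION_SID}-1000
"""

# What the post did: rename the domain but keep every SID.
RENAMED_LDIF = OLD_LDIF.replace("NIS", "UHN")

# A copy with a fresh domain SID; account SIDs are re-based under it.
FRESH_LDIF = OLD_LDIF.replace(PRODUCTION_SID,
                              "S-1-5-21-4444444444-5555555555-6666666666")


def smb_conf(workgroup):
    """Constructed smb.conf [global] section for the checks below."""
    return ("[global]\n"
            f"    workgroup = {workgroup}\n"
            "    security = user\n"
            "    domain logons = yes\n"
            "    passdb backend = ldapsam:ldap://localhost\n"
            "    ; comment lines are skipped by the parser\n")


def parse_ldif(text):
    """Minimal LDIF parser: 'attr: value' lines, blank line between entries,
    folded lines start with one space. Attribute names are lower-cased."""
    entries, current, last_attr = [], {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last_attr is not None:
            current[last_attr][-1] += raw[1:]      # folded continuation
            continue
        if not raw.strip():
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        if raw.startswith("#"):
            continue
        attr, _, value = raw.partition(":")
        attr = attr.strip().lower()
        current.setdefault(attr, []).append(value.strip())
        last_attr = attr
    if current:
        entries.append(current)
    return entries


def parse_smb_conf_global(text):
    """Return the [global] section of an smb.conf as {parameter: value}."""
    params, in_global = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("["):
            in_global = line.lower() == "[global]"
            continue
        if in_global and "=" in line:
            key, _, value = line.partition("=")
            params[" ".join(key.lower().split())] = value.strip()
    return params


def preflight(ldif_text, smb_conf_text, production_sid):
    """Return (code, message) findings; an empty list means the export can be
    upgraded without colliding with the live domain."""
    findings = []
    entries = parse_ldif(ldif_text)
    domains = [e for e in entries
               if "sambadomain" in [c.lower() for c in e.get("objectclass", [])]]
    workgroup = parse_smb_conf_global(smb_conf_text).get("workgroup")
    if not domains:
        findings.append(("no-domain", "no sambaDomain entry in the export"))
    for dom in domains:
        name = dom.get("sambadomainname", [""])[0]
        sid = dom.get("sambasid", [""])[0]
        if workgroup and name.lower() != workgroup.lower():
            findings.append(("name-mismatch",
                             f"smb.conf workgroup {workgroup!r} != sambaDomainName {name!r}"))
        if sid == production_sid:
            findings.append(("sid-clash",
                             f"domain {name!r} carries the production SID {sid}; classicupgrade "
                             "keeps it, so the new DC would answer for the live domain"))
    # Accounts whose SID is not under any exported domain SID are the usual
    # source of classicupgrade import errors.
    domain_sids = [d.get("sambasid", [""])[0] for d in domains]
    for e in entries:
        if e in domains:
            continue
        for account_sid in e.get("sambasid", []):
            if not any(account_sid.startswith(d + "-") for d in domain_sids):
                findings.append(("foreign-sid", f"{e.get('dn', ['?'])[0]}: {account_sid}"))
    return findings


def finding_codes(ldif_text, smb_conf_text, production_sid=PRODUCTION_SID):
    """Just the finding codes, for quick checks and scripting."""
    return [code for code, _ in preflight(ldif_text, smb_conf_text, production_sid)]
```

Run `preflight(RENAMED_LDIF, smb_conf("UHN"), PRODUCTION_SID)` and the only finding is `sid-clash`: renaming the domain changes nothing that clients key on, because the domain SID is what the upgraded DC keeps and what the workstations' existing trust relationships refer to. Only an export whose domain SID differs from the live one (the `FRESH_LDIF` case) comes back clean, and that is precisely why a classicupgrade has to be tested on an isolated network rather than given a different name.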
