[Samba] Migrating from Samba 3: no groups/users are imported ("listed, but then not found", "does not belong to our domain")

[Konstantin Boyandin]

Rowland Penny via samba писал 2018-09-05 15:56:
> On Wed, 05 Sep 2018 15:26:30 +0700
> Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
>> 
>> Exactly that. I need to create a separate domain; after all the
>> checks are done that switching to it works, the computers will rejoin
>> the new domain. Our Samba 3 domain is used for years; since Window 10
>> is unable to join it any more, we are finally migrating everything to
>> Samba 4.
> 
> Then you might as well just provision a new domain, dump your users,
> groups etc to a file. Write a script to parse the file and then add
> them to your new AD.

Current approach does import users and groups; it only fails to assign 
users to groups properly. It can do already, but I would prefer less 
manual interaction.

>> Note: every user belongs to "Domain Users" group, other group
>> memberships are lost.
> 
> Yes, every AD users primary group is Domain Users, your other problem
> is very probably being caused by the way you are trying to bend the
> classicupgrade upgrade script

I am not sure what I am "bending".

The classic upgrade did fail in exactly the same way even when I tried 
to do it literally as the corresponding guide tells:

https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

(i.e. while keeping same workgroup name)

All I did was to ensure the new domain with unique SID is generated. 
 From the viewpoint of LDAP database, domain SID matches groups/users 
SID, so a) why the above problem b) why classic upgrade *does* copy 
users/groups anyway?

Thanks.

Sincerely,
Konstantin