[Samba] Migrating from Samba 3: no groups/users are imported ("listed, but then not found", "does not belong to our domain")

[Rowland Penny]

On Thu, 06 Sep 2018 12:22:11 +0700
Konstantin Boyandin via samba <samba at lists.samba.org> wrote:

> Rowland Penny via samba писал 2018-09-05 15:56:
> > On Wed, 05 Sep 2018 15:26:30 +0700
> > Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
> >> 
> >> Exactly that. I need to create a separate domain; after all the
> >> checks are done that switching to it works, the computers will
> >> rejoin the new domain. Our Samba 3 domain is used for years; since
> >> Window 10 is unable to join it any more, we are finally migrating
> >> everything to Samba 4.
> > 
> > Then you might as well just provision a new domain, dump your users,
> > groups etc to a file. Write a script to parse the file and then add
> > them to your new AD.
> 
> Current approach does import users and groups; it only fails to
> assign users to groups properly. It can do already, but I would
> prefer less manual interaction.
> 
> >> Note: every user belongs to "Domain Users" group, other group
> >> memberships are lost.
> > 
> > Yes, every AD users primary group is Domain Users, your other
> > problem is very probably being caused by the way you are trying to
> > bend the classicupgrade upgrade script
> 
> I am not sure what I am "bending".

The whole idea behind a classicupgrade is that you start with an
NT4-style PDC and end up with an AD DC. Your users, groups, etc have
the same RID's, the domain has the SID, all passwords are retained,
all RFC2307 attrinutes are retained and finally, the clients do not
notice.

> 
> The classic upgrade did fail in exactly the same way even when I
> tried to do it literally as the corresponding guide tells:

Then there must be something wrong with your PDC, perhaps it was just
too old.

Sorry

Rowland