[Samba] Convert from NT style Domain to AD on Ubuntu 18.04

Rowland Penny rpenny at samba.org
Wed Feb 27 08:20:06 UTC 2019

On Tue, 26 Feb 2019 20:33:58 -0500
Robert Steinmetz via samba <samba at lists.samba.org> wrote:

> I have a small installation which includes 2 servers one is the PDC 
> which handles logins and stores profiles.and also handles email and
> some minor Apache stuff.

Define small, it might just be easier to start again.

The main problem with classicupgrading a NT4-style domain is the ID
numbers, these are usually the Windows RID's and these start at
Unfortunately Unix now starts normal user & group ID's at 1000, so
there is nowhere for local Unix users & groups. This might not be a
problem on distro's where root is used, but what if something goes
wrong with Samba on a distro like Ubuntu.

> There is also a member server which handles most of the file sharing.
> These servers have been in service since around 2006 running Ubuntu
> but are on their third motherboards, third set of drives and their
> 6th LTS version of Ubuntu.

This sounds a bit like the road sweepers brush, totally original, only
had 4 new shafts and 3 heads ;-)
> I know I need to convert to AD but I am afraid of really screwing 
> something up plus I've run some disappointing tests on other servers.

What went wrong ?

> I'd appreciate any comments on how best to approach this. I do have a 
> test installation which does not currently run Samba but could
> probably be set up to run an NT style Domain to test the conversion.
> I also have a second site which needs to be converted, it has a PDC
> and two member servers.
> My current thinking is to clean up the existing servers as much as 
> possible then run the Samba utility to do the switch on the PDC and
> then run it on the Member server, hopefully at the end of this I
> would have two AD Domain controllers.

You only run the classicupgrade once and you can do this on the PDC, or
on a different computer you have copied the required data to.

> My questions are:
>   * Do I actually need to run the utility on the Member Server of
> simply edit smb.conf to change the security and backend settings?
>   * How well does the utility work?
>   * How long will it take?
>   * What should I be on the look out for?
>   * What advise would you give me?

Read these wiki pages:



Ask any further questions.


More information about the samba mailing list