[Samba] Convert from NT style Domain to AD on Ubuntu 18.04

Rowland Penny rpenny at samba.org
Wed Feb 27 08:20:06 UTC 2019 

On Tue, 26 Feb 2019 20:33:58 -0500
Robert Steinmetz via samba <samba at lists.samba.org> wrote:

> I have a small installation which includes 2 servers one is the PDC 
> which handles logins and stores profiles.and also handles email and
> some minor Apache stuff.

Define small, it might just be easier to start again.

The main problem with classicupgrading a NT4-style domain is the ID
numbers, these are usually the Windows RID's and these start at
500.
Unfortunately Unix now starts normal user & group ID's at 1000, so
there is nowhere for local Unix users & groups. This might not be a
problem on distro's where root is used, but what if something goes
wrong with Samba on a distro like Ubuntu.

> 
> There is also a member server which handles most of the file sharing.
> 
> These servers have been in service since around 2006 running Ubuntu
> but are on their third motherboards, third set of drives and their
> 6th LTS version of Ubuntu.

This sounds a bit like the road sweepers brush, totally original, only
had 4 new shafts and 3 heads ;-)
 
> 
> I know I need to convert to AD but I am afraid of really screwing 
> something up plus I've run some disappointing tests on other servers.

What went wrong ?

> 
> I'd appreciate any comments on how best to approach this. I do have a 
> test installation which does not currently run Samba but could
> probably be set up to run an NT style Domain to test the conversion.
> I also have a second site which needs to be converted, it has a PDC
> and two member servers.
> 
> My current thinking is to clean up the existing servers as much as 
> possible then run the Samba utility to do the switch on the PDC and
> then run it on the Member server, hopefully at the end of this I
> would have two AD Domain controllers.

You only run the classicupgrade once and you can do this on the PDC, or
on a different computer you have copied the required data to.

> 
> My questions are:
> 
>   * Do I actually need to run the utility on the Member Server of
> simply edit smb.conf to change the security and backend settings?
>   * How well does the utility work?
>   * How long will it take?
>   * What should I be on the look out for?
>   * What advise would you give me?

Read these wiki pages:

https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Ask any further questions.

Rowland

More information about the samba mailing list