[Samba] AD across sites

Rowland penny rpenny at samba.org
Thu Jun 6 11:25:40 UTC 2019 

On 06/06/2019 12:00, Praveen Ghimire via samba wrote:
> Hi Guys,
>
> Just need some guidance regarding AD across sites. We have two sites, siteA and siteB. Until about a month ago both sites were running NT4 domains, separate domains but with the same names, let's say thedomain. We classicupgrades siteA to AD and now need to migrate siteB to AD.
>
> The sites are connected with a WAN link
>
>
> We think ,the steps involved will be the following
>
>
> -          Leave the NT4 server in siteB unchanged
>
> -          Create user accounts for usres in siteB in AD
>
> -          Add a new server (server, Ubuntu 18.04) in siteB. Point it's resolv.conf (nameserver and domain) to AD DC in siteA, let's say serverA.thedomain.ad
>
> -          Join the  serverB to the AD domain, server.thedomain.AD
Create a new 'site' in AD

Add (join) a new DC at siteB and in your new site. Point it's 
resolv.conf to itself
>
> -          Option A: Join the old NT4 server to the AD domain as a file server. Change the file and folder permission to AD users and groups
>
> -          OptionB: Copy the data from NT4 server to the serverB.thedomain.ad and change the file and folder permissions
Either should work
>
> -          In siteB, Drop the existing client machines from the old NT4 domain
You would need to do this before anything else.
>
> -          Point the DNS in the client machines to the IP of the server.thedomain.ad
>
> -          Join the client machines to the AD
>
> The questions
>
>
> -          What will happen when an AD server is introduced to a network with NT4 domain. I suspect nothing will happen as the NT4 domain is different to AD even though they might have similar first name

If your NT4 domain and your AD domain share the same name, then I think 
you might have problems, especially if they also have the same SID.

>
> -          How easy will it be change the file and folder permissions?

You will probably find the folders & files belong to numbers and not 
names, you need to be able to match these numbers to names.

Rowland

More information about the samba mailing list