[Samba] AD across sites

Praveen Ghimire PGhimire at sundata.com.au
Fri Jun 7 10:57:16 UTC 2019 

Hi Rowland,

Let’s say due to number of machines involved, it is not practical to drop them off the NT4 domain all at once. We are thinking are two possible options 
- VLAN the ports and only allow certain machines to talk to serverb
- Or use the host deny and host allow in smb.conf, example
Host allow 10.10.10.5 
Host deny 10.10.10.0

Preferably the second one

Other questions 
If we have bind9 dlz across both would the dns replicate 
As both servers are Linux, would the stability replicate without having to sync them manually 



Thank you 

> On 6 Jun 2019, at 9:26 pm, Rowland penny via samba <samba at lists.samba.org> wrote:
> 
>> On 06/06/2019 12:00, Praveen Ghimire via samba wrote:
>> Hi Guys,
>> 
>> Just need some guidance regarding AD across sites. We have two sites, siteA and siteB. Until about a month ago both sites were running NT4 domains, separate domains but with the same names, let's say thedomain. We classicupgrades siteA to AD and now need to migrate siteB to AD.
>> 
>> The sites are connected with a WAN link
>> 
>> 
>> We think ,the steps involved will be the following
>> 
>> 
>> -          Leave the NT4 server in siteB unchanged
>> 
>> -          Create user accounts for usres in siteB in AD
>> 
>> -          Add a new server (server, Ubuntu 18.04) in siteB. Point it's resolv.conf (nameserver and domain) to AD DC in siteA, let's say serverA.thedomain.ad
>> 
>> -          Join the  serverB to the AD domain, server.thedomain.AD
> Create a new 'site' in AD
> 
> Add (join) a new DC at siteB and in your new site. Point it's resolv.conf to itself
>> 
>> -          Option A: Join the old NT4 server to the AD domain as a file server. Change the file and folder permission to AD users and groups
>> 
>> -          OptionB: Copy the data from NT4 server to the serverB.thedomain.ad and change the file and folder permissions
> Either should work
>> 
>> -          In siteB, Drop the existing client machines from the old NT4 domain
> You would need to do this before anything else.
>> 
>> -          Point the DNS in the client machines to the IP of the server.thedomain.ad
>> 
>> -          Join the client machines to the AD
>> 
>> The questions
>> 
>> 
>> -          What will happen when an AD server is introduced to a network with NT4 domain. I suspect nothing will happen as the NT4 domain is different to AD even though they might have similar first name
> 
> If your NT4 domain and your AD domain share the same name, then I think you might have problems, especially if they also have the same SID.
> 
>> 
>> -          How easy will it be change the file and folder permissions?
> 
> You will probably find the folders & files belong to numbers and not names, you need to be able to match these numbers to names.
> 
> Rowland
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________

More information about the samba mailing list