[Samba] Moving from a PDC to an DA

Robert Moskowitz rgm at htt-consult.com
Mon Nov 16 00:38:26 UTC 2020

Thank you for answering.

On 11/15/20 4:38 AM, Rowland penny via samba wrote:
> On 15/11/2020 03:38, Robert Moskowitz via samba wrote:
>> This is not an upgrade in place and I am not finding any good 
>> guidance, so here I am asking on the list...
>> I have an old PDC that has been running since '12.  The domain is 
>> called Homebase, and the server is called Homebase.  The Samba 
>> software I am using is the ClearOS5 distro.
>> Now I have purchased a QNAP server and going to an AD.  I would LIKE 
>> to use the same server and domain name and a local FQDN of 
>> homebase.home.htt  (I have an internal view on my BIND DNS server, so 
>> setting up my own TLD is easy).
> I would go with something like 'ad.home.htt' instead, you cannot use 
> the same name for a DC as the workgroup (aka netbios domain name). 
> Your mention of views is interesting, as it sounds like you want to 
> use an external Bind9 server for the AD domain, sorry but this is not 
> a good idea. Every AD DC running a dns server (every Samba runs a dns 
> server) is authoritative for the AD dns domain, so it must be the 
> domain members first port of call.

I run my own DNS servers, each with an external and internal view with 
ACL controls.  So for systems inside my network, they will see the .htt 
TLD, external systems will not.  I understand that the actual AD zone 
needs to be delegated to the AD server.  AD clients will access the AD 
server for DNS resolutin and it will look to my DNS server for its lookups.

Running the AD in an ad.home.htt zone makes sense.  Easy delegation.  

>> Moving the data will be easy, as it is backed up on a USB external 
>> drive, but I would like to migrate as much of the roaming profiles as 
>> I can.  Is it possible/reasonable?
> The problem with roaming profiles is that they are littered with 
> SID's, so you need to change these and Samba does not have any tools 
> to do this, though I believe there are tools available to do this.

What replaces roaming profiles functionality in AD?  Googling points to 
group policies?  Obviously my goal is for my few users to be able to log 
on to different systems and get their profiles.  This is complicated by 
XP, Win7 and Win10 systems...

>> Or should I just go with a clean startup?
> I personally would just start with a new domain, this way you do not 
> use some of the errors from the past e.g. using the RID for the Unix 
> ID, ID's starting at 1000 are, in my opinion, are not a good idea

I see your point.  Only a couple users and a few systems.  Just have to 
drop each system from the PDC and then join them to the AD. Oh, the PDC 
and AD are on different subnets to keep them from stepping on each other.

But I would like a users browser bookmarks to be consistent across 
systems.  Also for specific programs (like Quicken) to work the same on 
any system.  OS version will undoubtedly be a problem.  Getting rid of 
the last XP systems will be good though.

>> Pointers to specific wikis and such are welcomed.
> I can only recommend reading the Samba wiki:
> https://wiki.samba.org/index.php/Main_Page

Yep, I keep going back to it.

More information about the samba mailing list