[Samba] How to convert stand-alone samba servers to join existing Windows Active Directory domain

Rowland penny rpenny at samba.org
Fri Sep 11 18:07:56 UTC 2020

On 10/09/2020 20:28, Ted Buchanan via samba wrote:
> We have multiple stand-alone samba (4.2.10 and 4.10.4) file sharing
> servers with hundreds of local users on each server (not the same on all
> samba servers) in a CentOS/Oracle Linux (6 and 7) network.  We would like
> to convert these stand-alone servers to join an existing Windows based AD
> domain without losing data or ownership/permission metadata on these
> servers.  Is there a guide for doing so or can someone give the steps
> necessary to accomplish this task?  I see in the samba wiki how to set up
> samba as a domain controller or stand-alone server but nothing really on
> how to convert from stand-alone to domain member.  I am not real familiar
> with the Active Directory side of things so perhaps I'm not asking the
> right questions or looking in the right places.  Thank you in advance.
I meant to reply to this earlier, but got sidetracked ;-)

Not sure you can do this easily. Yes, you might have the same users on 
some of the standalone servers, but do they have the same numeric ID on 
each of them?

Let's say you have the user 'fred' who is a Unix & Samba user on 
computers A, B & D, but not on C.

On A, he has the ID '1005'

On B, he has the ID '1764'

On D, he has the ID '1067'

When you create your AD domain, you will have to recreate your users and 
delete them from /etc/passwd on the standalone servers when you join 
them to the domain, so which uidNumber attribute contents will you give 
'fred'?

If you choose '1005' there is a good chance that it will clash with 
another user from B, or C, or D; the same goes for the other two IDs.

I feel the only way out of this problem is to create a new AD domain. 
Create your users in AD with new IDs (preferably from 10000 upwards) 
and then chown the files on the standalone servers after you have joined 
them to the domain. Presumably after writing a script to do the chown.
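
The chown script mentioned at the end of the message could look like the following. This is an added example, not part of the original post: the passwd excerpts, the extra users 'anne' and 'bob', the AD uidNumber values and all function names are constructed assumptions.

```python
import os

# Constructed sample data: /etc/passwd excerpts from the standalone servers,
# and hypothetical uidNumber values assigned to the recreated users in AD.
PASSWD = {
    "A": "fred:x:1005:1005::/home/fred:/bin/bash\nanne:x:1764:1764::/home/anne:/bin/bash\n",
    "B": "fred:x:1764:1764::/home/fred:/bin/bash\n",
    "D": "fred:x:1067:1067::/home/fred:/bin/bash\nbob:x:1005:1005::/home/bob:/bin/bash\n",
}
AD_UIDNUMBER = {"fred": 10000, "anne": 10001, "bob": 10002}

def uid_map(passwd_text, ad_uids):
    """Map one server's local UIDs to AD uidNumbers, matching on username."""
    mapping = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 3 or fields[0] not in ad_uids:
            continue  # malformed line, or an account that stays local
        mapping[int(fields[2])] = ad_uids[fields[0]]
    return mapping

def plan_chown(root, mapping):
    """Return [(path, old_uid, new_uid)] for root and everything below it.

    Each path is looked up once by its current owner, so nothing can be
    remapped twice, which repeated 'find -uid N -exec chown' passes can do
    when the old and new ID ranges overlap.
    """
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    plan = []
    for path in paths:
        st = os.lstat(path)  # lstat: inspect a symlink itself, not its target
        if st.st_uid in mapping:
            plan.append((path, st.st_uid, mapping[st.st_uid]))
    return plan

def apply_plan(plan, dry_run=True):
    """Print every change; only touch the filesystem when dry_run is False."""
    for path, old, new in plan:
        print(f"{'would chown' if dry_run else 'chown'} {path}: {old} -> {new}")
        if not dry_run:
            os.lchown(path, new, -1)  # -1 leaves the group ID unchanged
```

Each server needs its own map, since in this sample 1005 is 'fred' on A but 'bob' on D. Group IDs need the same treatment from /etc/group, and on Linux a chown clears setuid/setgid bits on regular files, so record those before applying the plan.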

