[Samba] Importing standalone users into Active Directory

David Brodbeck brodbeck at ucsb.edu
Thu Jul 29 19:18:55 UTC 2021

I've done a lot of Googling but haven't found the answer to this yet.

I have a standalone Samba server I want to add to my Samba4 Active
Directory domain. However, the standalone server has about 300 Samba user
accounts in its local tdbsam database that I need to retain. As I see it,
there are two possibilities:

1. Import the tdbsam accounts into Active Directory. This would be my first
    - I've found information on importing tdb files from NT4-style domains
to new AD domains using samba-tool, but nothing about taking users from a
standalone server and inserting them into an existing AD.
   - I looked into pdbedit but it doesn't seem to have AD as one of its
backend options (or maybe I'm just missing it.)

2. Have Samba authenticate against the TDB file when it can't find an AD
account for a user.
   - Researching this led me to references to the command "auth method",
which looked promising, but it was removed in 2017.

Has anyone faced this problem, and found a good solution? I really don't
want to have to continue to maintain this server as a standalone one, but
getting 300 people to all set new passwords simultaneously is not going to

David Brodbeck (they/them)
System Administrator, Department of Mathematics
University of California, Santa Barbara

More information about the samba mailing list