[Samba] migrate DC from very old version of samba

[Rémi]

Rowland Penny via samba <samba at lists.samba.org> writes:

> On Mon, 31 Mar 2025 13:51:17 +0200
> Rémi via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>> 
>> I just found a network with a very old samba version running as ad-dc:
>> samba 4.1.6 on debian 7 !
>
> Yikes !!

good approximation of my reaction :-)

< ... cut ... >

>> OTOH I can fire up a bookworm vm on another recent server, and install
>> bookworm-backport samba there.
>
> This may work, but you may have to it two stages, add a machine running
> Debian buster, then bookworm.

any specific reason ?

>> And then what, just transfer the domain ? How do I do that ? Join as a
>> BDC, then transfer FSMO, stop samba on the old beast and it's done ?
>
> That is the easy bit, just joining another DC (not a BDC, that is
> something else entirely) will replicate the domain. You will then need
> to sync sysvol and idmap.ldb from the old DC to the new and also
> transfer FSMO roles, then when you are sure everything is working okay,
> demote the old DC and turn it off. You will also need to get the
> clients to use the new DC as their nameserver.

ok I read the wiki page documenting how to join an existing domain as a
dc, including sysvol and idmap sync. Then fsmo, test test test, pray,
demote and go :-)

>> Will this work and make win11 machines happy ?
>
> As happy as win11 is ever going to be ;-)

point taken: happy is not the right word there ;-)

>> There are traces of two older DCs in that ad, which are not there
>> anymore. Might that cause problem ? I can clean it up when samba is up
>> to date, but I'd like to be super prudent with that old thing.
>
> You should be able to clean it up afterwards, but may have to do it
> first. I do hope you are going to test all this on backups first.

I'll backup the old server config before I go, but there is no way I can
replicate that whole environment and test... could just adding a new DC
disrupt the old thing ?

Thanks,
-- 
Rémi