Samba to Active Directory Migration (with a bit of NT 4 in there too)
hi
sorry if has been answered somewhere spent 3 days searching google no luck
i have 3 domains currently
domain1 - nt4 domain nt4 pdc , bdc
domain2 - samba domain
domain3 - windows 2008 active directory
we moving domain3 , domain1 not issue.
however not know how move users samba server ad , maintain sid history.
does know best way this?
sorry if has been answered somewhere spent 3 days searching google no luck
i have 3 domains currently
domain1 - nt4 domain nt4 pdc , bdc
domain2 - samba domain
domain3 - windows 2008 active directory
we moving domain3 , domain1 not issue.
however not know how move users samba server ad , maintain sid history.
- i thought putting nt4 server in samba network , promoting pdc not sure of impact of have nt4 bdc samba thinks pdc
- i thought migrating users nt4 domain1 , ad
- i thought migrating users directly ad
does know best way this?
can use admt tool migrate samba users ad aware
of issue posing below.
1. administrator password must same on samba server, 2003
ads, , local administrator account on workstations.
not documented. (perhaps goes without saying, there needs
an account called "administrator" in samba domain, full
administrative (root) rights domain.)
2. in advanced/dns section of tcp/ip settings on windows
workstations, make sure "dns suffix connection" field blank.
this not documented.
3. because migrating samba, user passwords cannot
migrated. you'll have reset everyone's passwords. (if
migrating nt4 ads, migrate passwords well.)
4. disable windows firewall on workstations. otherwise,
workstations won't migrated new domain. not documented.
5. when migrating machines, test first (using admt's test mode)
and satisfy errors before committing migration. note
test fail, because machine not have been
migrated. you'll need interpret errors know whether
failure due problem, or due fact
a test.
there significant benefits of using admt, besides
migrating user accounts.
1. can migrate workstations remotely. can specify sids
be added instead of replaced, giving option of joining
workstation old domain if goes awry.
workstations joined new domain.
2. not user accounts migrated old domain new
domain, acls on workstations migrated well. sids,
acls can added instead of replaced.
3. locally stored user profiles on workstations migrated well,
presenting no disruption user. saved passwords
lost, when administratively reset password in windows ads.
4. admt lets test operations before performing
migration. can migrate accounts , workstations individually or in
batches. user accounts can safely migrated @ once (since no
changes made on original domain); recommend migrating 1
or 2 workstations test before committing them all.
i'm impressed active directory migration tool. sure
made job easier, both times used (once migrating nt4 ads
2003; second time samba 3 ads 2003). 3 gotchas
labeled "not documented" things tripped me up, (thankfully)
i able resolve.
thanks
syed khairuddin
of issue posing below.
1. administrator password must same on samba server, 2003
ads, , local administrator account on workstations.
not documented. (perhaps goes without saying, there needs
an account called "administrator" in samba domain, full
administrative (root) rights domain.)
2. in advanced/dns section of tcp/ip settings on windows
workstations, make sure "dns suffix connection" field blank.
this not documented.
3. because migrating samba, user passwords cannot
migrated. you'll have reset everyone's passwords. (if
migrating nt4 ads, migrate passwords well.)
4. disable windows firewall on workstations. otherwise,
workstations won't migrated new domain. not documented.
5. when migrating machines, test first (using admt's test mode)
and satisfy errors before committing migration. note
test fail, because machine not have been
migrated. you'll need interpret errors know whether
failure due problem, or due fact
a test.
there significant benefits of using admt, besides
migrating user accounts.
1. can migrate workstations remotely. can specify sids
be added instead of replaced, giving option of joining
workstation old domain if goes awry.
workstations joined new domain.
2. not user accounts migrated old domain new
domain, acls on workstations migrated well. sids,
acls can added instead of replaced.
3. locally stored user profiles on workstations migrated well,
presenting no disruption user. saved passwords
lost, when administratively reset password in windows ads.
4. admt lets test operations before performing
migration. can migrate accounts , workstations individually or in
batches. user accounts can safely migrated @ once (since no
changes made on original domain); recommend migrating 1
or 2 workstations test before committing them all.
i'm impressed active directory migration tool. sure
made job easier, both times used (once migrating nt4 ads
2003; second time samba 3 ads 2003). 3 gotchas
labeled "not documented" things tripped me up, (thankfully)
i able resolve.
thanks
syed khairuddin
Windows Server > Migration
Comments
Post a Comment