Hello everyone,
I'm running tests to migrate an old domain controller from Samba 3.5 + ldap + bind to Samba branch 4 to simulate Active Directory, and I've run into a problem with the domain name.
The current domain name is DOM.MYDOMAIN, and according to the documentation I've read and the tests I've performed, I can't have the same domain name and realm.
Is there a way to work around this problem, or rename the domain without breaking everything (SID, etc.)?
Thanks in advance.
Migration from 3.5 to 4.x, realm identical to domain
- dcardon
The simplest solution is to rename the domain and remove the period (.) from the NetBIOS name before migrating to Active Directory. It's not overly complicated given the simplicity of the NT4 domain's technical model, but you need to know what you're doing:
- Change the NetBIOS domain name at the NT4 PDC (and other PDCs/BDCs), smb.conf, LDAP entries, etc. Pay attention to your WINS configuration.
- Push a join of the workstations to the new domain, still in NT4 (the SID doesn't change, so user profiles remain the same) using your preferred deployment tool (WAPT is highly recommended).
- Join the other domain members (file server, etc.). Since the SIDs are identical, permissions don't change unless something goes wrong.
Once the period is removed from the domain name, the migration to an Active Directory domain is possible.
Sincerely,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Good morning,
Thank you for your response.
I started testing with your procedure and I have doubts about the DNS part.
Below are the settings I would like to implement:
Given that mondomain.fr exists, belongs to us and is used for our website and our email hosted externally.
TLD: .fr
Domain: mondomain
Workgroup: marue205
Realm: MARUE205.MONDOMAIN.FR
Below is the procedure I perform (on my test platform)
- Shutting down the test user PC;
- DHCP shutdown;
- Modifying the domain-name option "marue205" in /etc/dhcpd.conf
- Modifying the domain-search option "marue205" in /etc/dhcpd.conf
- DHCP restart;
- Stop smb and nmb;
- Modification of workgroup marue205 in smb.conf
- Restart smb and nmb;
- LDAP stop;
- Modification of ldap entries by replacing the old domain with marue205;
- Restart ldap;
- Copying the DNS zone file and the reverse zone file, and replacing mondom with marue205;
- Deactivation of the old mondom zone;
- Activation of the new zone marue205.
Thanks in advance.
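As an added example (not code from any poster in this thread or from the Samba project), the preconditions named in Denis's reply can be checked before starting the migration: the new NetBIOS name has no period, it differs from the realm, and the domain SID is the same after the rename as before. The 15-character NetBIOS limit, the function names and the sample SID are additions; the SID text is assumed to be saved output of a command such as `net getdomainsid`, captured before and after the rename.

```python
import re

SID_RE = re.compile(r"S-1-5-21(?:-\d+){3}")  # domain SID: S-1-5-21-x-y-z

def global_params(smb_conf: str) -> dict:
    """Parse the [global] section of smb.conf text; keys lowercased, spaces removed."""
    params, section = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def check_rename(old_conf, new_conf, realm, sid_before, sid_after):
    """Return a list of problems; an empty list means the rename passed every check."""
    old_wg = global_params(old_conf).get("workgroup", "")
    new_wg = global_params(new_conf).get("workgroup", "")
    problems = []
    if not new_wg:
        problems.append("no workgroup set in [global]")
    if "." in new_wg:
        problems.append("NetBIOS domain name still contains a period")
    if len(new_wg) > 15:
        problems.append("NetBIOS domain name longer than 15 characters")
    if new_wg.upper() == realm.upper():
        problems.append("NetBIOS domain name is identical to the realm")
    if new_wg.upper() == old_wg.upper():
        problems.append("workgroup was not changed")
    before, after = SID_RE.search(sid_before), SID_RE.search(sid_after)
    if not (before and after):
        problems.append("could not find a domain SID in the captured output")
    elif before.group() != after.group():
        problems.append("domain SID changed: profiles and ACLs will not match")
    return problems

# Constructed sample input using the names from this thread; the SID is made up.
OLD = "[global]\n   workgroup = DOM.MYDOMAIN\n   security = user\n"
NEW = "[global]\n   ; renamed before the AD migration\n   workgroup = marue205\n"
SID = "SID for domain X is: S-1-5-21-1111111111-2222222222-3333333333"

if __name__ == "__main__":
    print(check_rename(OLD, NEW, "MARUE205.MONDOMAIN.FR", SID, SID))
    print(check_rename(OLD, OLD, "DOM.MYDOMAIN", SID, SID))
```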
