Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

Migration from 3.5 to 4.x, realm identical to domain

https://forum.tranquil.it/viewtopic.php?t=3064

Page 1 of 1

Migration from 3.5 to 4.x, realm identical to domain

Published: May 31, 2022 - 09:11
by flipflip
Hello everyone,

I'm running tests to migrate an old domain controller from Samba 3.5 + ldap + bind to Samba branch 4 to simulate Active Directory, and I've run into a problem with the domain name.

The current domain name is DOM.MYDOMAIN, and according to the documentation I've read and the tests I've performed, I can't have the same domain name and realm.
Is there a way to work around this problem, or rename the domain without breaking everything (SID, etc.)?

Thanks in advance.

Re: Migration from 3.5 to 4.x, realm identical to domain

Published: June 1, 2022 - 3:32 PM
by dcardon
The simplest solution is to rename the domain and remove the period (.) from the NetBIOS name before migrating to Active Directory. It's not overly complicated given the simplicity of the NT4 domain's technical model, but you need to know what you're doing:
- Change the NetBIOS domain name at the NT4 PDC (and other PDCs/BDCs), smb.conf, LDAP entries, etc. Pay attention to your WINS configuration.
- Push a join of the workstations to the new domain, still in NT4 (the SID doesn't change, so user profiles remain the same) using your preferred deployment tool (WAPT is highly recommended :-) )
. - Join the other domain members (file server, etc.). Since the SIDs are identical, permissions don't change unless something goes wrong

. Once the period is removed from the domain name, the migration to an Active Directory domain is possible.

Sincerely,

Denis

Re: Migration from 3.5 to 4.x, realm identical to domain

Published: June 2, 2022 - 10:06 AM
by flipflip
Good morning,

Thank you for your response.

I started testing with your procedure and I have doubts about the DNS part.

Below are the settings I would like to implement:
TLD: .fr
Domain: mondomain
Workgroup: marue205
Realm: MARUE205.MONDOMAIN.FR
Given that mondomain.fr exists, belongs to us and is used for our website and our email hosted externally.

Below is the procedure I perform (on my test platform)
  • Shutting down the test user PC;
  • DHCP shutdown;
  • Modifying the domain-name option "marue205" in /etc/dhcpd.conf
  • Modifying the domain-search option "marue205" in /etc/dhcpd.conf
  • DHCP restart;
  • Stop smb and nmb;
  • Modification of workgroup marue205 in smb.conf
  • Restart smb and nmb;
  • LDAP stop;
  • Modification of ldap entries by replacing the old domain with marue205;
  • Restart ldap;
  • Copying the DNS zone file and reverse engineering, and replacing mondom with marue205;
  • Deactivation of the old mondom zone;
  • Activation of the new zone marue205.
My question is: is the DNS zone marue205 or marue205.mydomain.fr?

Thanks in advance.
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru