
[Samba] Samba 4 Admt to other Domain Windows Server 2008


wong lmark

May 20, 2013, 11:30:01 PM

Hi,

I have a Samba 4 domain created and now I need to transfer all users and
groups to another Windows 2008 domain.
How can I use ADMT?

Thanks for your help.

Best Regards,
Mark
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Andrew Bartlett

May 21, 2013, 12:00:01 AM

On Tue, 2013-05-21 at 11:19 +0800, wong lmark wrote:
> Hi,
>
> I have a Samba 4 domain created and now I need to transfer all users and
> groups to another Windows 2008 domain.
> How can I use ADMT?

Why do you want to use ADMT?

If you just need to move to Windows, then just join a Windows DC to the
Samba domain as DC, transfer the FSMO roles, and then offline the Samba
DC.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

wong lmark

May 21, 2013, 12:10:01 AM

Hi Andrew,

I have tried to transfer the FSMO roles, but I am not sure whether they
transferred or not. In Windows, I typed netdom query fsmo but it showed
"parameter is incorrect".
And then I found that my Win 08 AD cannot open the GPO.

Thanks for your help.

Best Regards,
Mark

2013/5/21 Andrew Bartlett <abar...@samba.org>

Andrew Bartlett

May 21, 2013, 12:10:01 AM

On Tue, 2013-05-21 at 12:02 +0800, wong lmark wrote:
> Hi Andrew,
>
> I have tried to transfer the FSMO roles, but I am not sure whether they
> transferred or not.
> In Windows, I typed netdom query fsmo but it showed "parameter is
> incorrect".

Then simply remove the Samba DC using the windows tools, and seize any
roles left on that DC. If you tell windows it is permanently off-line,
it should do the right thing. If you keep the Samba DC off during this
process, then if it doesn't work, you can still just power windows off,
and Samba on, and it should still be working.

> And then I found that my Win 08 AD cannot open the GPO.

You will have to transfer GPO files manually - we do not support the
replication protocol used for GPO files (sorry).

Pekka L.J. Jalkanen

May 21, 2013, 1:50:01 AM

On 21.5.2013 6:56, Andrew Bartlett wrote:
> On Tue, 2013-05-21 at 11:19 +0800, wong lmark wrote:
>> Hi,
>>
>> I have a Samba 4 domain created and now I need to transfer all users and
>> groups to another Windows 2008 domain.
>> How can I use ADMT?
>
> Why do you want to use ADMT?
>
> If you just need to move to Windows, then just join a Windows DC to the
> Samba domain as DC, transfer the FSMO roles, and then offline the Samba
> DC.

Also, it is good to note that even if you can't avoid ADMT (in the case
you must migrate your users to another _existing_ domain) you'd still
need to do as Andrew says and add a Windows DC to the _source_ domain
first, because the target domain needs to be trusted by the source for
ADMT to work at all.

While Samba can be trusted by others, it currently cannot itself trust
other domains, so ADMT simply cannot work without a Windows DC in the
source.

Pekka L.J. Jalkanen

wong lmark

May 21, 2013, 2:40:01 AM

I have added the Windows 08 DC to the Samba 4 domain, but I cannot migrate
the SID: when I tick "Migrate User SID", it shows "Could not verify auditing
and TcpipClientSupport on domains. Will not be able to migrate Sid's."

2013/5/21 Pekka L.J. Jalkanen <pekka.j...@vihreat.fi>

Pekka L.J. Jalkanen

May 21, 2013, 4:50:02 AM

If I were in your position, to keep things simple I would first transfer
or seize all FSMO roles to the Windows DC, copy SYSVOL over to it as
well (Samba doesn't auto-sync it) and then take the Samba DC offline;
don't know if you did so already.

However, I believe that if you're still having problems after that
you'll really have to ask Microsoft, as an ADMT migration between two
domains running exclusively Windows DCs is no Samba problem anymore.

But just to give you a starting point: a quick googling with your error
message points me to the following discussion:
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/f1c1e2b8-12d8-4fef-b9a3-ec6e671ad909

Perhaps you're having a permissions problem? My own experiences with
ADMT are such that it really takes a moment to set all the relevant
permissions & group memberships properly or else things won't work.

Pekka L.J. Jalkanen

On 21.5.2013 9:33, wong lmark wrote:
> I have added the Windows 08 DC to the Samba 4 domain, but I cannot migrate
> the SID: when I tick "Migrate User SID", it shows "Could not verify
> auditing and TcpipClientSupport on domains. Will not be able to migrate
> Sid's."
>
> 2013/5/21 Pekka L.J. Jalkanen <pekka.j...@vihreat.fi>

wong lmark

May 21, 2013, 5:50:02 AM

I have transferred all FSMO roles to the Win DC, and copied and pasted the
sysvol to the Win DC.
But the Win DC showed an error message: "Naming information cannot be
located because: The specified domain either does not exist or could not be
contacted."
Is there anything I did wrong?

Pekka L.J. Jalkanen

May 21, 2013, 2:40:02 PM

Like I said, you should really ask your questions on an MS forum if
you're having problems in a pure Windows environment.

Googling your error this time gives this:
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/bba3d024-4d94-4c6e-a014-d457cdbaeee4/

Based on what I've read there your trouble sounds like a DNS or a sysvol
problem. If you copied your sysvol directory from the Samba DC without
taking care of all of the ACLs and attributes (I'm always doing my
manual sysvol copies to or from Windows using robocopy to guard against
losing them), this might be the reason. But this is just a guess; I
can't really help you any further. Read the linked page; that might give
you some ideas.

Pekka L.J. Jalkanen

On 21.5.2013 12:39, wong lmark wrote:
> I have transferred all FSMO roles to the Win DC, and copied and pasted the
> sysvol to the Win DC.
> But the Win DC showed an error message: "Naming information cannot be
> located because: The specified domain either does not exist or could not
> be contacted."
> Is there anything I did wrong?
>
> 2013/5/21 Pekka L.J. Jalkanen <pekka.j...@vihreat.fi>
>
> If I were in your position, to keep things simple I would first transfer
> or seize all FSMO roles to the Windows DC, copy SYSVOL over to it as
> well (Samba doesn't auto-sync it) and then take the Samba DC offline;
> don't know if you did so already.
>
> However, I believe that if you're still having problems after that
> you'll really have to ask Microsoft, as an ADMT migration between two
> domains running exclusively Windows DCs is no Samba problem anymore.
>
> But just to give you a starting point: a quick googling with your error
> message points me to the following discussion:
> http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/f1c1e2b8-12d8-4fef-b9a3-ec6e671ad909
>
> Perhaps you're having a permissions problem? My own experiences with
> ADMT are such that it really takes a moment to set all the relevant
> permissions & group memberships properly or else things won't work.
>
> Pekka L.J. Jalkanen
>
> On 21.5.2013 9:33, wong lmark wrote:
> > I have added the Windows 08 DC to the Samba 4 domain, but I cannot migrate
> > the SID: when I tick "Migrate User SID", it shows "Could not verify
> > auditing and TcpipClientSupport on domains. Will not be able to migrate
> > Sid's."
> >
> > 2013/5/21 Pekka L.J. Jalkanen <pekka.j...@vihreat.fi>
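
The manual SYSVOL copy with robocopy that Pekka describes, followed by a check that owners and ACLs survived the copy, as an added example that is not part of the original thread and not code from the Samba project. The host name SAMBADC1, the domain name samdom.example.com and both paths are placeholders; the script assumes PowerShell 3.0 or later and an elevated session on the Windows DC.

```powershell
#requires -Version 3
# Added example. SAMBADC1, samdom.example.com and both paths are placeholders.
$Source = '\\SAMBADC1\sysvol\samdom.example.com'   # sysvol share on the Samba DC
$Dest   = 'C:\Windows\SYSVOL\domain'               # default SYSVOL data folder on a Windows DC
$Log    = Join-Path $env:TEMP 'sysvol-copy.log'

# /E        recurse, including empty directories
# /COPYALL  data, attributes, timestamps, ACLs, owner and auditing info
# /B        backup mode: read files even where the ACL excludes the operator
# /R /W     bounded retries instead of robocopy's very long defaults
& robocopy $Source $Dest /E /COPYALL /B /R:2 /W:5 /NP "/LOG:$Log"

# Robocopy exit codes are a bitmask; 8 and above mean at least one failure.
if ($LASTEXITCODE -ge 8) {
    throw "robocopy failed with exit code $LASTEXITCODE, see $Log"
}

# Summarise owner plus explicit (non-inherited) ACEs so the two sides can be compared.
function Get-ExplicitAcl([string]$Path) {
    $acl  = Get-Acl -LiteralPath $Path
    $aces = $acl.Access | Where-Object { -not $_.IsInherited } | ForEach-Object {
        '{0}|{1}|{2}|{3}' -f $_.IdentityReference, $_.AccessControlType,
                             $_.FileSystemRights, $_.InheritanceFlags
    } | Sort-Object
    "owner=$($acl.Owner);" + ($aces -join ';')
}

# Walk the source tree and report anything missing or with a different ACL.
$problems = Get-ChildItem -LiteralPath $Source -Recurse -Force | ForEach-Object {
    $rel    = $_.FullName.Substring($Source.Length)
    $target = Join-Path $Dest $rel
    if (-not (Test-Path -LiteralPath $target)) {
        [pscustomobject]@{ Path = $rel; Issue = 'missing on destination' }
    } elseif ((Get-ExplicitAcl $_.FullName) -ne (Get-ExplicitAcl $target)) {
        [pscustomobject]@{ Path = $rel; Issue = 'ACL or owner differs' }
    }
}

if ($problems) { $problems | Format-Table -AutoSize }
else           { 'All copied SYSVOL items carry the same owner and explicit ACEs.' }
```

Only explicit ACEs are compared because inherited entries depend on the parent folder, which differs between the share and the local path.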