Hi,
has anyone here ever migrated from DSfW to MS AD? Especially I want to keep as much of the
current setup as possible, like DomainName, DomainSID, DomainGUID and user info.
Is that even possible?
regards,
Franz Sirl
Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
If an answer to your question is correct, click on "Verify Answer" under the "More" button. The answer will now appear with a checkmark. Please be sure to always mark answers that resolve your issue as verified. Your fellow Community members will appreciate it! Learn more
Hi,
has anyone here ever migrated from DSfW to MS AD? Especially I want to keep as much of the
current setup as possible, like DomainName, DomainSID, DomainGUID and user info.
Is that even possible?
regards,
Franz Sirl
That is an interesting question Franz. I'm sorry I don't have an answer for you but I am having a great many issues with my DSfW and looking at possible solutions.
I have an issue where certain applications will not run if a user logs onto their workstation using a DSfW domain account but the issue does not exist if the domain controller is a Windows server.
I'm not yet ready to abandon DSfW completely but I was wondering if I could introduce a Windows Server into the mix and make it a domain controller thereby eliminating issues I have when accessing my DSfW servers.
__________
Kevin Boyle, Knowledge Partner
Calgary, Alberta, Canada
I was told a while ago that this is not possible. I have not ran into many issues with DSFW for what wanted it for. Has worked very reliably for sure. Still on OES 2018 SP2 for the only because they are running so solid. Considering trying to take one to 2023 but honestly a little concerned with that as well as not sure where they are going with it. The biggest thing being asked is for the Azure support which don't even know if that will ever come now.
I'm currently thinking about 3 ways to do it. One way is to join a 2012R2 server (this version doesn't enforce DFSR yet) and promote it to a DC and then remove DSfW. This is a scenario that seems to work with pure samba, hopefully it also works DSfW samba.
Second way I have in mind is to create a fresh domain with a current samba (specifying the old DomainSID and DomainGUID is possible with samba) and transfer the user data via LDIF. After that is done, continue along the 2012R2 route.
Third way would be to create a fresh AD domain with a current windows server, fill in the users via IDM and then add the old users SID to the new users SIDHistory.
All ways are likely not easy...
Well, my problem is that the functionality is about OK, but the stability is bad :-( . Our network is quite heterogeneous and since samba-4.13 a starting winbindd tends to crash the rpcd on DSfW. Additionally ndsd leaks memory and has to be restarted about once a week. Both problems have been reported, but no solution since over a year. The leaking memory SR even has been closed after the leak was mitigated a bit.
The leaking memory SR even has been closed after the leak was mitigated a bit.
I have had many similar experiences. Micro Focus technical support has been helpful but as soon as a defect is created for the developers to investigate things seem to fall apart. I've has a dozen cases opened and one by one they get closed without the defect getting resolved.
__________
Kevin Boyle, Knowledge Partner
Calgary, Alberta, Canada
Even worst is there are way too many companies doing this now as well. I even had one vendor open a case and never even talked to anyone and they closed the case. So many companies say they have improved support. What a laugh.
Interesting. I would think if you could install a Windows DC in your environment as a secondary DC it would work. After transferring your FSMO roles you should technically be able to decommission the DSfW server. So I would first join a server to the Domain, promote the server to a DC, move the FSMO roles and decommission the DSfW server. The interesting part would be how Windows handles being promoted in the environment. The fact that you have DSfW means you already have most of the attributes needed to preform the promotion of a Windows DC in a DSfW environment.
Would really like to hear the results if someone tries it.
I can setup a test environment at home, so I will update on Monday