AD Takeover Server 2012R2 ESS


(LR) #1

Hello,
Is it possible to transfer an AD from a 2012R2 ESS to a NethServer? Or is it possible to transfer users and computers differently? In this case it is only about 4 users and 4 computers; they are also created quickly by hand, but the transfer of the computers and the profiles is just not so easy. Which approach is recommended here? Mails and data are no problem, even the rights of the data are set quickly. The NethServer would have to become a member of the AD first and later the objects would have to be brought into the OpenLDAP, right? Which way is to be recommended after your experiences?


(Michael Kicks) #2

You would take down 2012R2 ESS? Or keep it up as AD?


(LR) #3

A new server should take over the tasks and the old one should be switched off.


(Michael Kicks) #4

I’d suggest a migration from 2012R2 ESS to NethServer. But I’m not sure that it will work. Therefore… back up before trying. This is for preservation of the AD structure for the clients.

Otherwise, create from scratch the domain structure as a container with NSDC, and find a tool to migrate configuration.


(LR) #5

The UCS server can do this by default. https://www.youtube.com/watch?v=WXqak7VNuSM


(Jeroen Visser) #6

I would create a backup of the current AD server, add the NethServer to the domain, demote the current domain controller and promote the NethServer one. (not sure about the order there) AFAIK, this should work. (not tested)

See Microsoft for demoting a DC
See Samba for joining an AD as DC

(I would provide links if I knew the method would work, but as stated, this is untested, although in theory it should work.)

Edit: the question references OpenLDAP. I presumed Samba AD here. There is no reliable way to migrate an AD to OpenLDAP AFAIK.


(Michael Kicks) #7

I don’t know if ESS version could be added as part of the forest…


(Jeroen Visser) #8

Ugh … I’m an idiot … that should have been domain of course … add the NethServer to the domain.


(Rob Bosch) #9

If your first Windows AD server is getting decommissioned, you need to transfer (or, if the Windows server is offline, seize) FSMO roles. Have a look at the Samba wiki: https://wiki.samba.org/index.php/Transferring_and_Seizing_FSMO_Roles

More info on FSMO roles: https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_(FSMO)_Roles

Here is a procedure to change from Windows 2012 AD to Samba4 AD: https://serverfault.com/questions/703724/migrate-from-ms-active-directory-to-samba4. I don’t know if the current version of Samba4 can handle a Win2012 AD domain. This topic is 3 years old.


(LR) #10

Thanks for compiling the links