Join a "secondary" Windows DC on NS7 domain

NethServer Version: 7.9.2009
Module: where to find?

Hi. I’ve a little question. We took on a new customer with an old server. On the server there is NS7 (we have some passwords, but I must check if the admin’s one works, but I have the root one) that also works as domain controller. We need to deprecate it and migrate everything to a new DC based on Windows 2022. I thought that the direct migration could be a problem, so I created a W2012R2 and joined it to the domain with a user that I created on the server as domain admins. I joined the server to the domain, so I installed AD services and then I tried to raise the server to AD-DC (as I did a lot of times with M$ AD) but in this case I cannot go on because my user is not a schema admin and enterprise admin. Is there a way to join this server as DC?

AFAIK NS7 has two paths.

  • Become an AD domain controller, with the bridged NSDC feature, and provide AD DC services to Windows clients
  • Use OpenLDAP to connect NethServer to an existing Microsoft AD controller, and use it as authentication provider for the installed services

You cannot

  • migrate DC from NS7 to another AD DC from Microsoft
  • have a mixed NS7/Microsoft AD environment with both acting as DC.
    AFAIK, Microsoft did not support this feature with different versions of Windows Server (mixed operating systems); IDK whether things changed after Windows Server 2016 or not.

Nethserver can:

  • Be an AD DC
  • Be an OpenLDAP client for Microsoft AD instance

Migration between states AFAIK is not reported as possible.

As far as I can see… you need to wipe out your current setup on Windows and start AD from scratch. You’ll also need to migrate clients and profiles between the AD domains.

Hi @FCava

NethServer’s version of Samba in NS7, used to create an AD DC, is 1:1 compatible with MS 2012 (R2) AD.
This means a Windows 2012 Server can join and become a second AD.

You can use Stephdl’s module PHPLDAPAdmin to administrate AD in NethServer, e.g. to give the Windows Server additional permissions / functions.

Then turn off NethServer, and promote the Windows Server to AD DC (primary).
The NethServer can be removed then using Windows Tools…

It works, but is not supported at all. You’re on your own essentially.

My 2 cents
Andy

Additional Info:
https://wiki.nethserver.org/doku.php?id=howto:add_ns7_samba_domain_controller_to_existing_active_directory

Also may help moving user profiles…

RSAT Tools also work on NethServer’s AD…

Use the existing admin on NethServer, this user has enough rights, AFAIK…

Also good to have (Freeware!):

3 Likes
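An added example, not part of any post in this thread: a read-only check, run from the domain-joined Windows server, that the account used for the promotion is a direct member of Domain Admins, Enterprise Admins and Schema Admins, and which DC currently holds each FSMO role. It queries plain LDAP through ADSI rather than the ActiveDirectory PowerShell module, so it does not depend on Active Directory Web Services; the account name `migration-admin` is a hypothetical placeholder.

```powershell
# Added example: read-only checks over plain LDAP (ADSI); run on the domain-joined Windows server.
param([string]$Account = 'migration-admin')   # hypothetical account name, replace with your own

$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDn = [string]$rootDse.defaultNamingContext
$configDn = [string]$rootDse.configurationNamingContext
$schemaDn = [string]$rootDse.schemaNamingContext

# 1. Direct group memberships of the account used for the DC promotion.
$searcher = [adsisearcher]"(&(objectClass=user)(sAMAccountName=$Account))"
$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedname', 'memberof'))
$user = $searcher.FindOne()
if (-not $user) { throw "Account '$Account' not found in $domainDn" }

$memberOf = @($user.Properties['memberof'])
foreach ($group in 'Domain Admins', 'Enterprise Admins', 'Schema Admins') {
    # memberOf lists direct memberships only (nested groups and the primary group are not shown).
    $isMember = [bool]($memberOf | Where-Object { $_ -like "CN=$group,*" })
    '{0,-18} member: {1}' -f $group, $isMember
}

# 2. Current FSMO role holders, read from the fSMORoleOwner attribute of each role object.
$roleObjects = [ordered]@{
    'PDC emulator'          = $domainDn
    'RID master'            = "CN=RID Manager`$,CN=System,$domainDn"
    'Infrastructure master' = "CN=Infrastructure,$domainDn"
    'Schema master'         = $schemaDn
    'Domain naming master'  = "CN=Partitions,$configDn"
}
foreach ($role in $roleObjects.GetEnumerator()) {
    $owner = [string]([ADSI]"LDAP://$($role.Value)").fSMORoleOwner
    # The value is the DN of an NTDS Settings object; the next RDN is the server that holds the role.
    $server = ($owner -split ',')[1] -replace '^CN=', ''
    '{0,-22} held by: {1}' -f $role.Key, $server
}
```

Every role still listed against the old server has to be moved to the new DC before the old one is removed from the domain.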

Ok. Thanks to all. We’ll recreate the domain (they have just 7 PCs). I don’t know NethServer and recreating it is the easiest thing to do.