How to migrate from a mixed workgroup/domain network with Linux DNS to a Windows 2003 Domain

Posted on 2009-03-31
Last Modified: 2013-12-16
I have inherited a network which has been set up in the following configuration:
Approximately 8 servers, 3 of which are Windows Server 2003.  One of these servers is set up with an Active Directory structure, while the other two are not.  I have approximately 65 workstations that are all connected by various workgroups, and all can connect to the one Windows server running AD as it is also a file server (using a domain account, of course).  The remaining 5 servers are all Debian boxes.  One acts as a firewall/gateway/proxy/content filtering, two act as DNS servers (with one of those running DHCP, SAMBA, and intranet site, while the other one doubles as a web server), one is a SendMail server running Squirrelmail, and the last two are running misc. apps.  One last note, all servers have been set not to trust each other, if that will make a difference in your responses.

So, let's say for example that I want to add a new user to the network.  I first have to create their Active Directory account and set up permissions for the shared folders.  Then I have to create another user account on the mail server (which I am not currently worried about).  Then after that I have to create a local user on that employee's computer and make it identical to the domain account so they can access the file server's shared folders.  I am from a domain environment that ran primarily Windows servers and had AD, DNS, DHCP, and everything else controlled by Windows, so this is a whole new animal for me.

My goal is to transition from this structure to a 2003 Active Directory Domain, but I am not sure how to proceed.  I have been reading up on using a mixture of Windows and Linux for Active Directory and DNS, and I feel I would be better off running DNS and DHCP off of a Windows domain controller rather than Linux, but I would appreciate any suggestions, thoughts, steps, concerns, questions, and anything else that might come up concerning this procedure.  

I welcome your assistance.
Thank you.
Question by:devryguy81
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24029422

MS DNS tends to be slightly more useful and easier to maintain than BIND for an Active Directory Domain. That's not to say it's impossible to manage otherwise, but Secure Updates and Aging / Scavenging are useful features to have.

MS DHCP is less of a competitor. If you're moving DNS then you might move DHCP as well if it frees up the Linux box for something else. There aren't all that many features that would call for an MS DHCP server. Perhaps their ability to securely update DNS in this instance, but little else.

Both will work though, so perhaps it's better to go for the system you feel most comfortable with. The running cost of a DNS and DHCP server for 65 users is marginal whichever OS you choose.

Chris
0
 

Author Comment

by:devryguy81
ID: 24060961
Chris-Dent's comments are pretty in-line with what I was thinking.  Does anybody out there know of any "gotchas" concerning moving over to MS-based control from Linux?  I am not super familiar with running Linux-based servers, so any help is greatly appreciated.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24076193

Moving DNS is pleasantly easy. Enable zone transfers on the current Primary (in named.conf), set up a Secondary on the Windows side, then change the type to Primary once the transfer is complete (with a bit of clicking in the properties for the zone). Once done the NS records need cleaning up and the SOA record checking but that's all.

DHCP is harder because ideally you want to avoid handing out duplicate addresses. There are a couple of options there:

1. Create a lease range that does not conflict with the current leases
2. Enable Conflict Detection

Just curious, but is Samba hooking into the Domain Controller as well? Or acting on its own with a separate set of user accounts?

Chris
0
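
Added example, not part of the post above: a shell check that the zone-transfer step it describes opens each master zone in named.conf only to the new Windows DNS server. The named.conf excerpt is constructed, and the zone names and 192.0.2.10 (standing in for the Windows server) are placeholders.

```shell
#!/usr/bin/env bash
# Constructed named.conf excerpt: zone names and 192.0.2.10 are placeholders,
# not values from the thread.
SAMPLE_CONF='zone "example.lan" {
    type master;
    file "/etc/bind/db.example.lan";
    allow-transfer { 192.0.2.10; };
};
zone "2.0.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.0.2";
    allow-transfer { any; };
};
zone "old.example.lan" {
    type master;
    file "/etc/bind/db.old";
};'

# audit_transfers CONF_TEXT SECONDARY_IP
# Prints "<zone> <verdict>" for every master zone:
#   ok      - transfers limited to exactly SECONDARY_IP
#   open    - ACL contains "any"
#   other   - some other ACL; review by hand
#   missing - no zone-level allow-transfer, so the options-level or
#             built-in default applies; check that separately
audit_transfers() {
    printf '%s\n' "$1" | awk -v sec="$2" '
        /^[ \t]*zone[ \t]+"/ {
            split($0, q, "\""); zone = q[2]; master = 0; acl = "missing"
        }
        zone != "" && /type[ \t]+master/ { master = 1 }
        zone != "" && /allow-transfer/ {
            list = $0
            sub(/.*allow-transfer[ \t]*[{]/, "", list)
            sub(/[}].*/, "", list)
            gsub(/[ \t]/, "", list)
            if (list == (sec ";")) acl = "ok"
            else if ((";" list) ~ /;any;/) acl = "open"
            else acl = "other"
        }
        zone != "" && /^[ \t]*[}];/ {
            if (master) print zone, acl
            zone = ""
        }'
}

audit_transfers "$SAMPLE_CONF" 192.0.2.10
```

The awk pass assumes one statement per line, as in the sample; run it again after the Windows zone has been switched to Primary to confirm the temporary transfer permission was removed or is still limited to that one address.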

Author Comment

by:devryguy81
ID: 24131641
Chris,

I am not sure how Samba is getting its user information.  Is there a quick way to find out how it has been set?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24135847

It should be possible to check the authentication mode in smb.conf.

Chris
0
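
Added example, not part of the post above: one way to read the authentication mode out of smb.conf from the command line. The smb.conf text is constructed (workgroup and share names are placeholders), and treating an unset `security` as `user` is an assumption based on the Samba 3.x default.

```shell
#!/usr/bin/env bash
# Constructed smb.conf; workgroup and share names are placeholders.
SAMPLE_SMB='# file server
[global]
   workgroup = OFFICE
   Security = USER
   passdb backend = tdbsam
;  security = domain
[shared]
   path = /srv/shared
   read only = no'

# smb_global_param CONF_TEXT NAME -> value of NAME in [global] (empty if unset).
# Per smb.conf(5), names ignore case and whitespace; "#" and ";" start comments.
smb_global_param() {
    printf '%s\n' "$1" | awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sect = norm($0); next }
        sect == "[global]" && (eq = index($0, "=")) {
            if (norm(substr($0, 1, eq - 1)) == norm(want)) {
                val = substr($0, eq + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                found = val
            }
        }
        END { print found }'
}

# samba_auth_mode CONF_TEXT -> local | domain-member | other
# Assumption: an unset "security" is treated as "user", the Samba 3.x default.
samba_auth_mode() {
    mode="$(smb_global_param "$1" security | tr '[:upper:]' '[:lower:]')"
    case "${mode:-user}" in
        user|share)  echo local ;;          # no domain controller involved
        domain|ads)  echo domain-member ;;  # authentication passed to a DC
        *)           echo other ;;
    esac
}

echo "mode: $(samba_auth_mode "$SAMPLE_SMB")"
echo "passdb: $(smb_global_param "$SAMPLE_SMB" "passdb backend")"
```

On the live server, `testparm -s` prints the configuration Samba actually loaded, and `pdbedit -L` lists the accounts held in its own user database.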
 

Author Comment

by:devryguy81
ID: 24217603
Chris,

It looks to be using local authentication, no domain...Where can I view the local user settings?  If I needed to make a change do I then need to restart a service as well?

Thanks
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24222700

What do you use to manage it on Debian? Or is it purely command line based?

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24222705

Oh and changes to smb.conf should be fine without a restart. It re-reads that configuration file quite regularly.

Chris
0
 

Author Comment

by:devryguy81
ID: 24260802
Currently all the Linux servers are being run in command line mode.  Being pretty much a Linux newbie (mainly a Windows guy), would I pick this stuff up quicker if I used the GUI?  How do I get into it?

Thanks
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24260896

It depends, it can be a pain in the backside to configure the GUI so that may just be opening another bigger kettle of fish.

This would / should list every user configured on the system:

cat /etc/passwd | cut -d":" -f1

Chris
0
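
Added example, not part of the post above: the same /etc/passwd listing narrowed to the accounts that would need recreating in Active Directory, by dropping system and service entries. The passwd excerpt is constructed, and the UID floor of 1000 and the nologin/false shell test are assumptions based on Debian's defaults.

```shell
#!/usr/bin/env bash
# Constructed /etc/passwd excerpt; account names are placeholders.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
jsmith:x:1000:1000:Jane Smith,,,:/home/jsmith:/bin/bash
backupsvc:x:1001:1001::/home/backupsvc:/bin/false
mlee:x:1002:1002:Min Lee:/home/mlee:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin'

# human_accounts PASSWD_TEXT [MIN_UID]
# Prints "login:uid:full name" for accounts that look like people:
#   - UID at or above MIN_UID (assumed default 1000, Debian's first user UID)
#   - not the "nobody" UID 65534
#   - login shell is not nologin or false
human_accounts() {
    printf '%s\n' "$1" | awk -F: -v min="${2:-1000}" '
        $3 >= min && $3 != 65534 && $7 !~ /(nologin|false)$/ {
            split($5, g, ",")           # GECOS: full name is the first item
            print $1 ":" $3 ":" g[1]
        }'
}

human_accounts "$SAMPLE_PASSWD"
```

On the server itself, pass the real file with `human_accounts "$(cat /etc/passwd)"`; accounts filtered out here (such as a service account with a home directory) still deserve a manual look before the box is retired.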
 

Author Closing Comment

by:devryguy81
ID: 31621222
Since I am not moving a ton of accounts and other data, I have decided to recreate the domain fresh on a test LAN, then move everything over to the new network.  This is not what I was planning to do originally but I think in this case it is the best way.  Thanks to Chris-Dent for his patience with me as we worked through this question.
0
