  • Status: Solved
  • Priority: Medium
  • Security: Public

How to migrate from a mixed workgroup/domain network with Linux DNS to a Windows 2003 Domain

I have inherited a network which has been set up in the following configuration:
Approximately 8 servers, 3 of which are Windows Server 2003. One of these servers is set up with an Active Directory structure, while the other two are not. I have approximately 65 workstations that are all connected by various workgroups, and all can connect to the one Windows server running AD as it is also a file server (using a domain account, of course). The remaining 5 servers are all Debian boxes. One acts as a firewall/gateway/proxy/content filtering, two act as DNS servers (with one of those running DHCP, SAMBA, and an intranet site, while the other one doubles as a web server), one is a SendMail server running Squirrelmail, and the last two are running misc. apps. One last note, all servers have been set not to trust each other, if that will make a difference in your responses.

So, let's say for example that I want to add a new user to the network. I first have to create their Active Directory account and set up permissions for the shared folders. Then I have to create another user account on the mail server (which I am not currently worried about). Then after that I have to create a local user on that employee's computer and make it identical to the domain account so they can access the file server's shared folders. I am from a domain environment that ran primarily Windows servers and had AD, DNS, DHCP, and everything else controlled by Windows, so this is a whole new animal for me.

My goal is to transition from this structure to a 2003 Active Directory Domain, but I am not sure how to proceed.  I have been reading up on using a mixture of Windows and Linux for Active Directory and DNS, and I feel I would be better off running DNS and DHCP off of a Windows domain controller rather than Linux, but I would appreciate any suggestions, thoughts, steps, concerns, questions, and anything else that might come up concerning this procedure.  

I welcome your assistance.
Thank you.
Asked by: devryguy81
1 Solution
 
Chris Dent (PowerShell Developer) commented:

MS DNS tends to be slightly more useful and easier to maintain than BIND for an Active Directory Domain. That's not to say it's impossible to manage otherwise, but Secure Updates and Aging / Scavenging are useful features to have.

MS DHCP is less of a competitor. If you're moving DNS then you might move DHCP as well if it frees up the Linux box for something else. There aren't all that many features that would call for an MS DHCP server. Perhaps their ability to securely update DNS in this instance, but little else.

Both will work though, so perhaps it's better to go for the system you feel most comfortable with. The running cost of a DNS and DHCP server for 65 users is marginal whichever OS you choose.

Chris
0
 
devryguy81 (Author) commented:
Chris-Dent's comments are pretty in-line with what I was thinking. Does anybody out there know of any "gotchas" concerning moving over to MS-based control from Linux? I am not super familiar with running Linux-based servers, so any help is greatly appreciated.
0
 
Chris Dent (PowerShell Developer) commented:

Moving DNS is pleasantly easy. Enable zone transfers on the current Primary (in named.conf), set up a Secondary on the Windows side, then change the type to Primary once the transfer is complete (with a bit of clicking in the properties for the zone). Once done the NS records need cleaning up and the SOA record checking but that's all.

DHCP is harder because ideally you want to avoid handing out duplicate addresses. There are a couple of options there:

1. Create a lease range that does not conflict with the current leases
2. Enable Conflict Detection

Just curious, but is Samba hooking into the Domain Controller as well? Or acting on its own with a separate set of user accounts?

Chris
0
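An added example (not part of the original answer): before the Windows zone is switched from Secondary to Primary as described above, saved zone transfers from both servers can be compared to confirm that no record was left behind. The zone `example.test`, the addresses and the function names are constructed for illustration.

```shell
# Added example: confirm the Windows secondary holds every record from the
# BIND primary before its zone type is changed to Primary.
# Inputs are saved zone transfers, e.g. `dig @<server> <zone> AXFR > file`.
export LC_ALL=C   # keep sort and comm on the same collation

# Reduce AXFR output to "owner type rdata": drop comments, the SOA record
# (serial and primary name change during migration) and TTLs.
normalise_zone() {
    awk '!/^;/ && NF >= 5 && $4 != "SOA" {
        rdata = $5
        for (i = 6; i <= NF; i++) rdata = rdata " " $i
        print tolower($1), $4, rdata
    }' "$1" | sort -u
}

# Records on the old primary (file $1) that the new server (file $2) lacks.
missing_records() {
    a=$(mktemp) b=$(mktemp)
    normalise_zone "$1" > "$a"
    normalise_zone "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample data: example.test and all addresses are made up.
write_samples() {
    cat > "$1" <<'EOF'
; <<>> DiG <<>> @192.0.2.10 example.test AXFR
example.test.      3600 IN SOA ns1.example.test. admin.example.test. 2008010101 3600 600 86400 3600
example.test.      3600 IN NS  ns1.example.test.
ns1.example.test.  3600 IN A   192.0.2.10
files.example.test. 3600 IN A  192.0.2.20
mail.example.test. 3600 IN A   192.0.2.25
example.test.      3600 IN MX  10 mail.example.test.
example.test.      3600 IN SOA ns1.example.test. admin.example.test. 2008010101 3600 600 86400 3600
EOF
    cat > "$2" <<'EOF'
example.test.      3600 IN SOA dc1.example.test. hostmaster.example.test. 2008010102 900 600 86400 3600
example.test.      3600 IN NS  ns1.example.test.
NS1.example.test.  1200 IN A   192.0.2.10
files.example.test. 3600 IN A  192.0.2.20
example.test.      3600 IN MX  10 mail.example.test.
EOF
}

old=$(mktemp) new=$(mktemp)
write_samples "$old" "$new"
missing_records "$old" "$new"    # prints the record still to be transferred
rm -f "$old" "$new"
```

Record data is compared case-sensitively, so a host name that differs only in case between the two servers is reported as missing and needs a manual look.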
 
devryguy81 (Author) commented:
Chris,

I am not sure how Samba is getting its user information.  Is there a quick way to find out how it has been set?
0
 
Chris Dent (PowerShell Developer) commented:

It should be possible to check the authentication mode in smb.conf.

Chris
0
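An added example, not from the thread: one way to read the authentication mode out of a copy of smb.conf, as suggested above. The sample configuration and the function names are assumptions; the mode names are the values of Samba 3's `security` parameter.

```shell
# Added example: report how a Samba server authenticates users, read from
# the [global] section of smb.conf. On a live host, `testparm -s` prints
# the effective configuration; this parser works on a saved copy.

# smb_param FILE NAME -> value of NAME in [global], or "(not set)".
smb_param() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/ {                                # section header
            sec = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec)
            next
        }
        sec == "global" && (eq = index($0, "=")) {
            name = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) found = val            # last setting wins
        }
        END { print (found == "" ? "(not set)" : found) }' "$1"
}

# Classify the Samba 3 "security" modes: where do passwords get checked?
smb_auth_source() {
    case "$(smb_param "$1" security | tr 'A-Z' 'a-z')" in
        ads|domain) echo "domain controller" ;;
        server)     echo "another SMB server (pass-through)" ;;
        user|share) echo "local Samba accounts" ;;
        *)          echo "unset or unrecognised value" ;;
    esac
}

# Constructed sample; the workgroup and share names are made up.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = OFFICE
   ; security = domain
   Security = USER
   passdb backend = tdbsam

[shared]
   path = /srv/shared
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
echo "security = $(smb_param "$conf" security); checked by: $(smb_auth_source "$conf")"
rm -f "$conf"
```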
 
devryguy81 (Author) commented:
Chris,

It looks to be using local authentication, no domain... Where can I view the local user settings? If I needed to make a change do I then need to restart a service as well?

Thanks
0
 
Chris Dent (PowerShell Developer) commented:

What do you use to manage it on Debian? Or is it purely command line based?

Chris
0
 
Chris Dent (PowerShell Developer) commented:

Oh and changes to smb.conf should be fine without a restart. It re-reads that configuration file quite regularly.

Chris
0
 
devryguy81 (Author) commented:
Currently all the Linux servers are being run in command line mode.  Being pretty much a Linux newbie (mainly a Windows guy), would I pick this stuff up quicker if I used the GUI?  How do I get into it?

Thanks
0
 
Chris Dent (PowerShell Developer) commented:

It depends, it can be a pain in the backside to configure the GUI so that may just be opening another bigger kettle of fish.

This would / should list every user configured on the system:

cat /etc/passwd | cut -d":" -f1

Chris
0
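An added example, not from the thread: the command above lists every system account, service accounts included. For a migration inventory it helps to keep only regular login accounts and to note which of them also have a Samba account. The function names and all sample accounts are constructed; the Samba list is assumed to be saved `pdbedit -L` output.

```shell
# Added example: inventory of accounts to recreate in Active Directory.
# Joins a copy of /etc/passwd with saved `pdbedit -L` output (Samba's own
# account list, one "user:uid:full name" per line).

# account_inventory PASSWD SAMBA_LIST [UID_MIN]
#   -> one "user:uid:full name:samba=yes|no" line per regular login account.
# UID_MIN defaults to 1000, the first regular-user UID on Debian.
account_inventory() {
    awk -F: -v min="${3:-1000}" '
        FILENAME == ARGV[1] { samba[$1] = 1; next }   # Samba account names
        NF >= 7 && $3 >= min && $3 != 65534 && $7 !~ /(nologin|false)$/ {
            split($5, gecos, ",")                     # full name comes first
            print $1 ":" $3 ":" gecos[1] ":samba=" (($1 in samba) ? "yes" : "no")
        }' "$2" "$1"
}

# Constructed sample data; every account below is made up.
write_account_samples() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
jsmith:x:1000:1000:Jane Smith,,,:/home/jsmith:/bin/bash
backup2:x:1001:1001:Backup job:/home/backup2:/bin/false
bdoe:x:1002:1002:Bob Doe,Room 4,,:/home/bdoe:/bin/bash
EOF
    cat > "$2" <<'EOF'
jsmith:1000:Jane Smith
olduser:1005:Former Employee
EOF
}

pw=$(mktemp) sl=$(mktemp)
write_account_samples "$pw" "$sl"
account_inventory "$pw" "$sl"
rm -f "$pw" "$sl"
```

Samba accounts with no matching login account (`olduser` in the sample) are not listed, so the saved `pdbedit -L` output is worth reading separately for stale entries.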
 
devryguy81 (Author) commented:
Since I am not moving a ton of accounts and other data, I have decided to recreate the domain fresh on a test LAN, then move everything over to the new network.  This is not what I was planning to do originally but I think in this case it is the best way.  Thanks to Chris-Dent for his patience with me as we worked through this question.
0
