Solved

How to migrate from a mixed workgroup/domain network with Linux DNS to a Windows 2003 Domain

Posted on 2009-03-31
Last Modified: 2013-12-16
I have inherited a network which has been set up in the following configuration:
Approximately 8 servers, 3 of which are Windows Server 2003.  One of these servers is set up with an Active Directory structure, while the other two are not.  I have approximately 65 workstations that are all connected by various workgroups, and all can connect to the one Windows server running AD as it is also a file server (using a domain account, of course).  The remaining 5 servers are all Debian boxes.  One acts as a firewall/gateway/proxy/content filtering, two act as DNS servers (with one of those running DHCP, SAMBA, and intranet site, while the other one doubles as a web server), one is a SendMail server running Squirrelmail, and the last two are running misc. apps.  One last note, all servers have been set not to trust each other, if that will make a difference in your responses.

So, let's say for example that I want to add a new user to the network.  I first have to create their Active Directory account and set up permissions for the shared folders.  Then I have to create another user account on the mail server (which I am not currently worried about).  Then after that I have to create a local user on that employee's computer and make it identical to the domain account so they can access the file server's shared folders.  I am from a domain environment that ran primarily Windows servers and had AD, DNS, DHCP, and everything else controlled by Windows, so this is a whole new animal for me.

My goal is to transition from this structure to a 2003 Active Directory Domain, but I am not sure how to proceed.  I have been reading up on using a mixture of Windows and Linux for Active Directory and DNS, and I feel I would be better off running DNS and DHCP off of a Windows domain controller rather than Linux, but I would appreciate any suggestions, thoughts, steps, concerns, questions, and anything else that might come up concerning this procedure.  

I welcome your assistance.
Thank you.
Question by:devryguy81

Accepted Solution

by: Chris Dent (earned 500 total points)
ID: 24029422

MS DNS tends to be slightly more useful and easier to maintain than BIND for an Active Directory Domain. That's not to say it's impossible to manage otherwise, but Secure Updates and Aging / Scavenging are useful features to have.

MS DHCP is less of a competitor. If you're moving DNS then you might move DHCP as well if it frees up the Linux box for something else. There aren't all that many features that would call for an MS DHCP server. Perhaps their ability to securely update DNS in this instance, but little else.

Both will work though, so perhaps it's better to go for the system you feel most comfortable with. The running cost of a DNS and DHCP server for 65 users is marginal whichever OS you choose.

Chris

Author Comment

by:devryguy81
ID: 24060961
Chris-Dent's comments are pretty in-line with what I was thinking.  Does anybody out there know of any "gotchas" concerning moving over to MS-based control from Linux?  I am not super familiar with running Linux-based servers, so any help is greatly appreciated.

Expert Comment

by:Chris Dent
ID: 24076193

Moving DNS is pleasantly easy. Enable zone transfers on the current Primary (in named.conf), set up a Secondary on the Windows side, then change the type to Primary once the transfer is complete (with a bit of clicking in the properties for the zone). Once done the NS records need cleaning up and the SOA record checking but that's all.

DHCP is harder because ideally you want to avoid handing out duplicate addresses. There are a couple of options there:

1. Create a lease range that does not conflict with the current leases
2. Enable Conflict Detection

Just curious, but is Samba hooking into the Domain Controller as well? Or acting on its own with a separate set of user accounts?

Chris
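
A way to confirm that the Windows server holds the same records as the BIND primary once the zone has been moved, as an added example that is not part of the original thread. It assumes each server's zone was saved to a text file with `dig axfr`; the zone name, addresses and records below are constructed.

```shell
#!/bin/sh
# Added example: compare zone transfers saved from the old BIND primary and
# the new Windows server, e.g. with: dig @<server> <zone> axfr > file

# Reduce AXFR text to sorted "name type rdata" lines. TTLs are ignored, and
# SOA/NS records are skipped because they are cleaned up by hand afterwards.
normalize_axfr() {
    awk '/^;/ || NF < 5 { next }
         $4 == "SOA" || $4 == "NS" { next }
         { line = tolower($1) " " $4
           for (i = 5; i <= NF; i++) line = line " " $i
           print line }' "$1" | sort -u
}

# Print records present on one side only ("<" old only, ">" new only).
# Returns 0 when both servers hold the same records, 1 otherwise.
zone_diff() {
    old_tmp=$(mktemp) && new_tmp=$(mktemp) || return 2
    normalize_axfr "$1" > "$old_tmp"
    normalize_axfr "$2" > "$new_tmp"
    if diff "$old_tmp" "$new_tmp" | grep '^[<>]'; then rc=1; else rc=0; fi
    rm -f "$old_tmp" "$new_tmp"
    return "$rc"
}

write_samples() {    # constructed data for an invented zone, example.test
    cat > "$1/old.axfr" <<'EOF'
; constructed transfer from the BIND primary
example.test. 3600 IN SOA ns1.example.test. admin.example.test. 2009033101 3600 600 86400 3600
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN MX 10 mail.example.test.
files.example.test. 3600 IN A 192.0.2.20
mail.example.test. 3600 IN A 192.0.2.25
EOF
    cat > "$1/new.axfr" <<'EOF'
; constructed transfer from the Windows server
example.test. 3600 IN SOA dc1.example.test. hostmaster.example.test. 2009033102 900 600 86400 3600
example.test. 3600 IN NS dc1.example.test.
example.test. 1200 IN MX 10 mail.example.test.
FILES.example.test. 1200 IN A 192.0.2.20
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
zone_diff "$demo_dir/old.axfr" "$demo_dir/new.axfr" || echo "zones differ"
rm -rf "$demo_dir"
```
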

Author Comment

by:devryguy81
ID: 24131641
Chris,

I am not sure how Samba is getting its user information.  Is there a quick way to find out how it has been set?

Expert Comment

by:Chris Dent
ID: 24135847

It should be possible to check the authentication mode in smb.conf.

Chris
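
A way to read the authentication settings out of smb.conf, as an added example that is not part of the original thread. It reports the `security` and `passdb backend` parameters from the [global] section; the sample file contents are constructed, and the `domain:`/`local:`/`other:` labels are this example's own.

```shell
#!/bin/sh
# Added example: report how Samba authenticates users, from the [global]
# section of smb.conf. Sample file contents below are constructed.

# Print one [global] parameter's value (nothing if unset). smb.conf ignores
# case and spaces in parameter names; lines starting with # or ; are comments.
global_param() {
    awk -v want="$2" '
        function squash(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_global = (squash($0) == "[global]"); next }
        in_global && index($0, "=") {
            name  = substr($0, 1, index($0, "=") - 1)
            value = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (squash(name) == squash(want)) found = value
        }
        END { if (found != "") print found }' "$1"
}

# Summarise as domain:<mode>, local:<passdb backend> or other:<mode>.
samba_auth_mode() {
    mode=$(global_param "$1" "security" | tr 'A-Z' 'a-z')
    backend=$(global_param "$1" "passdb backend")
    mode=${mode:-user}    # Samba 3 treats an unset "security" as "user"
    case "$mode" in
        ads|domain) echo "domain:$mode" ;;
        user)       echo "local:${backend:-version default}" ;;
        *)          echo "other:$mode" ;;
    esac
}

write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = OFFICE
;  security = ads
   Security = USER
   passdb  backend = tdbsam
[shared]
   path = /srv/shared
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
samba_auth_mode "$conf"
rm -f "$conf"
```

When the result is `local:`, `pdbedit -L` lists the accounts held in Samba's own password database.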

Author Comment

by:devryguy81
ID: 24217603
Chris,

It looks to be using local authentication, no domain...Where can I view the local user settings?  If I needed to make a change do I then need to restart a service as well?

Thanks

Expert Comment

by:Chris Dent
ID: 24222700

What do you use to manage it on Debian? Or is it purely command line based?

Chris

Expert Comment

by:Chris Dent
ID: 24222705

Oh and changes to smb.conf should be fine without a restart. It re-reads that configuration file quite regularly.

Chris

Author Comment

by:devryguy81
ID: 24260802
Currently all the Linux servers are being run in command line mode.  Being pretty much a Linux newbie (mainly a Windows guy), would I pick this stuff up quicker if I used the GUI?  How do I get into it?

Thanks

Expert Comment

by:Chris Dent
ID: 24260896

It depends, it can be a pain in the backside to configure the GUI so that may just be opening another bigger kettle of fish.

This would / should list every user configured on the system:

cat /etc/passwd | cut -d":" -f1

Chris

Author Closing Comment

by:devryguy81
ID: 31621222
Since I am not moving a ton of accounts and other data, I have decided to recreate the domain fresh on a test LAN, then move everything over to the new network.  This is not what I was planning to do originally but I think in this case it is the best way.  Thanks to Chris-Dent for his patience with me as we worked through this question.