Solved

How to migrate from a mixed workgroup/domain network with Linux DNS to a Windows 2003 Domain

Posted on 2009-03-31
Last Modified: 2013-12-16
I have inherited a network which has been set up in the following configuration:
Approximately 8 servers, 3 of which are Windows Server 2003.  One of these servers is set up with an Active Directory structure, while the other two are not.  I have approximately 65 workstations that are all connected by various workgroups, and all can connect to the one Windows server running AD as it is also a file server (using a domain account, of course).  The remaining 5 servers are all Debian boxes.  One acts as a firewall/gateway/proxy/content filtering, two act as DNS servers (with one of those running DHCP, SAMBA, and intranet site, while the other one doubles as a web server), one is a SendMail server running Squirrelmail, and the last two are running misc. apps.  One last note, all servers have been set not to trust each other, if that will make a difference in your responses.

So, let's say for example that I want to add a new user to the network.  I first have to create their Active Directory account and set up permissions for the shared folders.  Then I have to create another user account on the mail server (which I am not currently worried about).  Then after that I have to create a local user on that employee's computer and make it identical to the domain account so they can access the file server's shared folders.  I am from a domain environment that ran primarily Windows servers and had AD, DNS, DHCP, and everything else controlled by Windows, so this is a whole new animal for me.

My goal is to transition from this structure to a 2003 Active Directory Domain, but I am not sure how to proceed.  I have been reading up on using a mixture of Windows and Linux for Active Directory and DNS, and I feel I would be better off running DNS and DHCP off of a Windows domain controller rather than Linux, but I would appreciate any suggestions, thoughts, steps, concerns, questions, and anything else that might come up concerning this procedure.  

I welcome your assistance.
Thank you.
0
Question by:devryguy81
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24029422

MS DNS tends to be slightly more useful and easier to maintain than BIND for an Active Directory Domain. That's not to say it's impossible to manage otherwise, but Secure Updates and Aging / Scavenging are useful features to have.

MS DHCP is less of a competitor. If you're moving DNS then you might move DHCP as well if it frees up the Linux box for something else. There aren't all that many features that would call for an MS DHCP server. Perhaps their ability to securely update DNS in this instance, but little else.

Both will work though, so perhaps it's better to go for the system you feel most comfortable with. The running cost of a DNS and DHCP server for 65 users is marginal whichever OS you choose.

Chris
0
 

Author Comment

by:devryguy81
ID: 24060961
Chris-Dent's comments are pretty in-line with what I was thinking.  Does anybody out there know of any "gotchas" concerning moving over to MS-based control from Linux?  I am not super familiar with running Linux-based servers, so any help is greatly appreciated.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24076193

Moving DNS is pleasantly easy. Enable zone transfers on the current Primary (in named.conf), set up a Secondary on the Windows side, then change the type to Primary once the transfer is complete (with a bit of clicking in the properties for the zone). Once done the NS records need cleaning up and the SOA record checking but that's all.

DHCP is harder because ideally you want to avoid handing out duplicate addresses. There are a couple of options there:

1. Create a lease range that does not conflict with the current leases
2. Enable Conflict Detection

Just curious, but is Samba hooking into the Domain Controller as well? Or acting on its own with a separate set of user accounts?

Chris
0
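The NS and SOA clean-up described in the answer above can be checked from a zone transfer of the migrated zone. This is an added example, not code from the thread; the zone example.lan, the host names and the stale_records helper are constructed for illustration.

```shell
#!/bin/sh
# Constructed zone data in the layout `dig axfr` prints:
# name  TTL  class  type  rdata   (an AXFR starts and ends with the SOA)
sample_zone() {
cat <<'EOF'
; constructed sample, not taken from a real server
example.lan.            3600 IN SOA ns1.example.lan. hostmaster.example.lan. 2009033101 3600 600 86400 3600
example.lan.            3600 IN NS  ns1.example.lan.
example.lan.            3600 IN NS  ns2.example.lan.
example.lan.            3600 IN NS  dc1.example.lan.
ns1.example.lan.        3600 IN A   192.168.1.2
ns2.example.lan.        3600 IN A   192.168.1.3
dc1.example.lan.        3600 IN A   192.168.1.10
fileserver.example.lan. 3600 IN A   192.168.1.20
example.lan.            3600 IN SOA ns1.example.lan. hostmaster.example.lan. 2009033101 3600 600 86400 3600
EOF
}

# stale_records NEW_PRIMARY
# Reads zone data on stdin and prints every NS target, and the SOA primary
# (MNAME), that is not NEW_PRIMARY. These are the records left over from the
# old servers. Comment lines are ignored because their third field is not IN.
stale_records() {
    awk -v keep="$1" '
        $3 == "IN" && $4 == "NS" && tolower($5) != tolower(keep) {
            print "NS " $5
        }
        # The SOA appears twice in a transfer, so report it only once.
        $3 == "IN" && $4 == "SOA" && tolower($5) != tolower(keep) && !seen++ {
            print "SOA " $5
        }
    '
}

# Run against the constructed sample, treating dc1 as the new Windows primary.
sample_zone | stale_records dc1.example.lan.
```

Against a live server, pipe `dig @<server> <zone> axfr` into stale_records instead of the sample. Once the old BIND hosts no longer appear in the output, zone transfers on them can be switched off again.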

Author Comment

by:devryguy81
ID: 24131641
Chris,

I am not sure how Samba is getting its user information.  Is there a quick way to find out how it has been set?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24135847

It should be possible to check the authentication mode in smb.conf.

Chris
0
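One way to read the authentication mode out of smb.conf, as suggested in the answer above. This is an added example, not code from the thread; the sample file and the helper names global_param and auth_mode are constructed, and the fallback to `user` assumes Samba 3, where that is the default when no security line is present.

```shell
#!/bin/sh
# Constructed smb.conf for illustration only.
sample_smb_conf() {
cat <<'EOF'
# constructed sample
[global]
   workgroup = OFFICE
   ; security = domain
   Security = USER
   passdb backend = tdbsam

[shared]
   path = /srv/shared
   valid users = @staff
EOF
}

# global_param NAME: print the value of NAME from the [global] section of the
# smb.conf on stdin. Names are matched without regard to case or whitespace,
# and lines starting with # or ; are comments.
global_param() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); gsub(/[ \t]/, "", want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = tolower($0); gsub(/[ \t]/, "", s)
                      in_global = (s == "[global]"); next }
        in_global && index($0, "=") {
            name = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", name)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (name == want) found = val
        }
        END { print found }
    '
}

# auth_mode: summarise where Samba takes its accounts from.
auth_mode() {
    conf=$(cat)
    sec=$(printf '%s\n' "$conf" | global_param security | tr '[:upper:]' '[:lower:]')
    backend=$(printf '%s\n' "$conf" | global_param "passdb backend")
    sec=${sec:-user}   # assumption: Samba 3 default when the line is absent
    case "$sec" in
        domain|ads) kind=domain ;;   # authenticates against a domain controller
        user)       kind=local ;;    # separate accounts in Samba's own database
        *)          kind=other ;;
    esac
    echo "$kind (security=$sec, passdb backend=${backend:-default})"
}

sample_smb_conf | auth_mode
```

On the Samba host itself, `testparm -s` prints the configuration as Samba parsed it, and with local authentication `pdbedit -L` lists the accounts held in Samba's own password database.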
 

Author Comment

by:devryguy81
ID: 24217603
Chris,

It looks to be using local authentication, no domain... Where can I view the local user settings?  If I needed to make a change, do I then need to restart a service as well?

Thanks
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24222700

What do you use to manage it on Debian? Or is it purely command line based?

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24222705

Oh and changes to smb.conf should be fine without a restart. It re-reads that configuration file quite regularly.

Chris
0
 

Author Comment

by:devryguy81
ID: 24260802
Currently all the Linux servers are being run in command line mode.  Being pretty much a Linux newbie (mainly a Windows guy), would I pick this stuff up quicker if I used the GUI?  How do I get into it?

Thanks
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24260896

It depends, it can be a pain in the backside to configure the GUI so that may just be opening another bigger kettle of fish.

This would / should list every user configured on the system:

cat /etc/passwd | cut -d":" -f1

Chris
0
 

Author Closing Comment

by:devryguy81
ID: 31621222
Since I am not moving a ton of accounts and other data, I have decided to recreate the domain fresh on a test LAN, then move everything over to the new network.  This is not what I was planning to do originally but I think in this case it is the best way.  Thanks to Chris-Dent for his patience with me as we worked through this question.
0


Question has a verified solution.
