samba domain controller and users login profile

Dear Experts:

Recently installed suse linux enterprise 11 and configured as samba domain controller with the ldap as password backend, now the in the LAN desktops and laptops are members or clients of windows 2003 AD.
My requirements:
Disjoin all the desktops and laptops from the Windows AD and join to the suse linux enterprise 11 samba domain controllers. But keeping their Documents and Settings of their local system as it is as msoutlook and data is available on their desktop and mydocuments .
Existing profile windows AD of all the users are of local profile as we have disabled the roaming profile due to the bandwidth consumption.
Now iam looking for the solution like retaining their local profile intact without any changes but join them to suse linux enterprise  samba pdc for this have created the user names same as windows AD user accounts.
Please help me how to achieve this also is this recommended or creating the new profile is recomenede. Please help. Thanks in advance.
D_wathiAsked:
Who is Participating?
 
ghodderConnect With a Mentor Commented:
All you need to do is update the permissions within each profile registry hive (NTUSER.DAT) as well as all files and directories within the profile to be owned by the new domain user account.

I have attached the instructions I created for performing these sorts of migrations. I've migrated many users on multiple domains this way and kept all their settings intact.

I would recommend creating a few test users in each domain first and run through it a few times to make sure you understand the process. The main thing you need to make sure you do is "take ownership" as the new domain user and apply it to all child objects, especially within the NTUSER.DAT otherwise it will be deleted and replaced with a fresh version. If that happens all registry settings will be lost and you will have to create a new profile for the user and will only be able to transfer files.
Domain-User-Profile-Migration.pdf
0
 
farzanjCommented:
You have to transfer all the LDIF.  You will have to export from AD and import into LDAP server.

You have to carefully make a list of all the existing feature that active directory is providing.  You would implement each into LDAP server and see whether every features translates or not using Samba.

Next phase, after implementing would be testing using some dummy system.  Do as through testing as you can.  The "disjoin" would be the last step when you have tested and figured out how everything would work.  Make sure you know how to revert back if something doesn't work
0
 
D_wathiAuthor Commented:
Thanks for the reply, can you please provide me good how to dos to acheive this.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
farzanjConnect With a Mentor Commented:
First step is to evaluate the feasibility.  I had some people questioning the usefulness of Samba as opposed to AD.  They said that with Samba you couldn't centralize user's access to all the software installed on the machine.  Do you want that?  I heard at that time that the then test version of Samba started doing that.  

This is just an example.  You need to know what exact features (all of them) that you would need on Samba and whether it would satisfy users or you would hear every one complaining.

If feasible then you can start doing some work.
Run your LDAP server.
Figure out how to import LDIF and any other tools/scripts available to automate the task.
Export LDIF from AD and import into LDAP
Import all features and with a laptop or dummy client test if it works as expected.
0
 
JammyPakCommented:
ldif can perhaps import the accounts, but that's probably the easy part (creating the accounts..). More of a pain will be migrating the user profiles because they will have to be migrated. Keeping the names the same will not help at all. You could try ADMT to migrate the profile, or you can just copy the My Docs, Desktop, Favourites to the new folder, or you can try to attach the new user account to the existing profile although this sometimes causes pain with permissions to the files.

How many users are you looking at doing this for?
what is the reason? I would seriously question why someone would migrate from Windows AD to Samba...sure it'll work but Samba is always behind in trying to add the features already present in AD. Especially If you have a multi-site domain I would really recommend against this....
0
 
JammyPakConnect With a Mentor Commented:
you can do something similar in the profiles tool (Control Panel, System)

you can choose the 'old' profile, select 'copy to' and copy it on top of the new profile folder. Fill in the 'permitted to use' box to select the user name  from the new domain to make sure the permissions get set.

I've used that in the past, and generally it was good. Occasionally needed to manually take ownership of something and force the permissions.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.