samba domain controller and users login profile

Posted on 2011-10-30
Last Modified: 2012-05-12
Dear Experts:

I recently installed SUSE Linux Enterprise 11 and configured it as a Samba domain controller with LDAP as the password backend. Currently the desktops and laptops in the LAN are members or clients of Windows 2003 AD.
My requirements:
Disjoin all the desktops and laptops from the Windows AD and join them to the SUSE Linux Enterprise 11 Samba domain controllers, while keeping the Documents and Settings of their local systems as they are, since MS Outlook and data are available on their Desktop and My Documents.
The existing Windows AD profiles of all the users are local profiles, as we have disabled roaming profiles due to the bandwidth consumption.
Now I am looking for a solution that retains their local profiles intact without any changes but joins them to the SUSE Linux Enterprise Samba PDC; for this I have created user names identical to the Windows AD user accounts.
Please help me achieve this. Also, is this recommended, or is creating a new profile recommended? Please help. Thanks in advance.
Question by:D_wathi
    LVL 31

    Expert Comment

    You have to transfer all the LDIF.  You will have to export from AD and import into LDAP server.

    You have to carefully make a list of all the existing features that Active Directory is providing.  You would implement each in the LDAP server and see whether every feature translates or not using Samba.

    The next phase, after implementing, would be testing using some dummy system.  Do as thorough testing as you can.  The "disjoin" would be the last step, when you have tested and figured out how everything would work.  Make sure you know how to revert back if something doesn't work.

    Author Comment

    Thanks for the reply. Can you please provide me with good how-tos to achieve this?
    LVL 31

    Assisted Solution

    First step is to evaluate the feasibility.  I had some people questioning the usefulness of Samba as opposed to AD.  They said that with Samba you couldn't centralize user's access to all the software installed on the machine.  Do you want that?  I heard at that time that the then test version of Samba started doing that.  

    This is just an example.  You need to know what exact features (all of them) that you would need on Samba and whether it would satisfy users or you would hear every one complaining.

    If feasible then you can start doing some work.
    Run your LDAP server.
    Figure out how to import LDIF and any other tools/scripts available to automate the task.
    Export LDIF from AD and import into LDAP
    Import all features and with a laptop or dummy client test if it works as expected.
    LVL 16

    Expert Comment

    LDIF can perhaps import the accounts, but that's probably the easy part (creating the accounts..). More of a pain will be migrating the user profiles because they will have to be migrated. Keeping the names the same will not help at all. You could try ADMT to migrate the profile, or you can just copy the My Docs, Desktop, Favourites to the new folder, or you can try to attach the new user account to the existing profile although this sometimes causes pain with permissions to the files.

    How many users are you looking at doing this for?
    What is the reason? I would seriously question why someone would migrate from Windows AD to Samba...sure it'll work but Samba is always behind in trying to add the features already present in AD. Especially if you have a multi-site domain I would really recommend against this....
    LVL 9

    Accepted Solution

    All you need to do is update the permissions within each profile registry hive (NTUSER.DAT) as well as all files and directories within the profile to be owned by the new domain user account.

    I have attached the instructions I created for performing these sorts of migrations. I've migrated many users on multiple domains this way and kept all their settings intact.

    I would recommend creating a few test users in each domain first and running through it a few times to make sure you understand the process. The main thing you need to make sure you do is "take ownership" as the new domain user and apply it to all child objects, especially within the NTUSER.DAT, otherwise it will be deleted and replaced with a fresh version. If that happens, all registry settings will be lost and you will have to create a new profile for the user and will only be able to transfer files.
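
The permission changes described in the accepted answer, sketched as an added PowerShell example; it is not the attached instructions the answer refers to, which are not reproduced on this page. The profile path, the account name `NEWDOM\jdoe` and the temporary hive name are placeholders, the script assumes a Windows version that ships `icacls` with `/setowner`, and inside the hive it grants Full Control rather than changing the key owner.

```powershell
# Added example. Run elevated, with the profile's user logged off.
# All three values are placeholders, not taken from the thread.
$ProfilePath = 'C:\Documents and Settings\jdoe'
$NewAccount  = 'NEWDOM\jdoe'
$TempHive    = 'MigrateTmp'      # temporary mount point under HKEY_USERS

# Resolve the account first, so a typo or a failed domain join stops the
# run before any ACL is touched (Translate throws if the name is unknown).
$nt  = New-Object System.Security.Principal.NTAccount($NewAccount)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])

# 1. Files and directories: make the new account the owner and give it
#    Full Control, inherited by all child objects.
#    /T recurses into the tree, /C continues past individual errors.
icacls $ProfilePath /setowner $NewAccount /T /C
icacls $ProfilePath /grant "${NewAccount}:(OI)(CI)F" /T /C

# 2. Registry hive: mount NTUSER.DAT and add the new account to the root
#    key's ACL with inheritance to subkeys. Subkeys whose inheritance is
#    disabled do not pick this up and must be fixed individually.
reg load "HKU\$TempHive" (Join-Path $ProfilePath 'NTUSER.DAT')
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (is the user still logged on?)' }
try {
    $key = [Microsoft.Win32.Registry]::Users.OpenSubKey(
        $TempHive,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [System.Security.AccessControl.RegistryRights]'ReadPermissions,ChangePermissions')
    $acl  = $key.GetAccessControl()
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $sid, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    $key.SetAccessControl($acl)
    $key.Close()
}
finally {
    # Release any remaining handles, otherwise the unload is refused.
    [GC]::Collect()
    [GC]::WaitForPendingFinalizers()
    reg unload "HKU\$TempHive"
}
```

Run it against a test profile first, then review the result with `icacls` on the folder and in regedit's Permissions dialog before the user's first logon to the new domain.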
    LVL 16

    Assisted Solution

    You can do something similar in the profiles tool (Control Panel, System).

    You can choose the 'old' profile, select 'copy to' and copy it on top of the new profile folder. Fill in the 'permitted to use' box to select the user name from the new domain to make sure the permissions get set.

    I've used that in the past, and generally it was good. Occasionally needed to manually take ownership of something and force the permissions.
