Solved

What is the best way to convert workstations/users with roaming profiles from a Samba domain to an AD domain

Posted on 2013-12-20
4
428 Views
Last Modified: 2014-01-07
We are converting 200+ users from a Samba 3.5.6 domain to AD running on Windows 2012.  So far, it has been a spotty process, with issues pulling group machine and user policies, multiple re-boots, corrupted roaming profiles, etc.

The steps we are currently taking are:
   * Copy user's favorites and local files to a network directory
   * Log into PC (Win 7) as local Admin, and create new DNS entries for AD
   * Set the domain to WORKGROUP, restart, and join PC to the AD domain (FOG.Local)
   * On the AD server, move the newly joined machine to the OU that gets policy, run gpupdate and restart the PC
   * Log into the PC as Domain Admin (this is another spot where there are often problems - sometimes it take 3 or 4 restarts/gpupdate before the Domain Admin password is pushed from policy)
   * Log in as user (can take up to 15 minutes to build a profile, which is a roaming profile stored on a share created via GP)
   * Restore favorites and local files from network, and user is good to go

Once the conversion is done, the user doesn't have any trouble logging into FOG.Local, but we have a ton of users, and it can take an hour or more to convert one user machine, so to convert everyone to AD will take months.  It seems like there should be a much more streamlined process (or even a utility?) to make this go faster.  Are we doing something wrong or missing a step?
0
Comment
Question by:FFCIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Patrick Bogers earned 300 total points
ID: 39733536
Hi

Did you migrate the users from samba to windows using the ADMT tool or did you manually create the new users in ad?
If the latter is the case i am afraid you have some manual adding to do.

If you still are in the position to automate it please have a look below for the appropiate steps.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/ab89dd41-3f39-4b94-8ab6-c0ad9858f818/samba-to-active-directory-migration-with-a-bit-of-nt-4-in-there-too?forum=winserverMigration
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39734881
* Log into the PC as Domain Admin (this is another spot where there are often problems - sometimes it take 3 or 4 restarts/gpupdate before the Domain Admin password is pushed from policy)
Do you mean local admin user's password?  You don't need to sync the DA password on the workstation.

* Log in as user (can take up to 15 minutes to build a profile, which is a roaming profile stored on a share created via GP)
This tells me there's something wrong.  Seriously 15 mins to build a new profile when the user first logs in?  What speed is your network connection?  Is your profile server using local storage?
0
 

Author Comment

by:FFCIT
ID: 39736342
We've already created the users in AD (they are all OWA users).  Didn't realize there was a migration tool for AD - we'll look into it.

Yes, we are assigning the local Admin password via policy (not the DA password - I mis-spoke)
Network connections are all fast ethernet or GB, and I believe the profiles are being stored on a SAN, but we don't have any other network performance issues.

I am going to look at the Resultant Set of Policy for a test workstation - I get the sense that there is something wrong with the machine policy that is causing an issue.
0
 

Author Closing Comment

by:FFCIT
ID: 39763880
Didn't realize the ADMT could be applied to non-AD domains.  We'll look into this as a solution, but it apparently will only run on Server 2008, so we'll have to weigh the benefits of using the tool, vs. just hammering away a user at a time.

Thanks for the comments.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question