Solved

What is the best way to convert workstations/users with roaming profiles from a Samba domain to an AD domain

Posted on 2013-12-20
4
414 Views
Last Modified: 2014-01-07
We are converting 200+ users from a Samba 3.5.6 domain to AD running on Windows 2012.  So far, it has been a spotty process, with issues pulling group machine and user policies, multiple re-boots, corrupted roaming profiles, etc.

The steps we are currently taking are:
   * Copy user's favorites and local files to a network directory
   * Log into PC (Win 7) as local Admin, and create new DNS entries for AD
   * Set the domain to WORKGROUP, restart, and join PC to the AD domain (FOG.Local)
   * On the AD server, move the newly joined machine to the OU that gets policy, run gpupdate and restart the PC
   * Log into the PC as Domain Admin (this is another spot where there are often problems - sometimes it take 3 or 4 restarts/gpupdate before the Domain Admin password is pushed from policy)
   * Log in as user (can take up to 15 minutes to build a profile, which is a roaming profile stored on a share created via GP)
   * Restore favorites and local files from network, and user is good to go

Once the conversion is done, the user doesn't have any trouble logging into FOG.Local, but we have a ton of users, and it can take an hour or more to convert one user machine, so to convert everyone to AD will take months.  It seems like there should be a much more streamlined process (or even a utility?) to make this go faster.  Are we doing something wrong or missing a step?
0
Comment
Question by:FFCIT
  • 2
4 Comments
 
LVL 22

Accepted Solution

by:
Patrick Bogers earned 300 total points
ID: 39733536
Hi

Did you migrate the users from samba to windows using the ADMT tool or did you manually create the new users in ad?
If the latter is the case i am afraid you have some manual adding to do.

If you still are in the position to automate it please have a look below for the appropiate steps.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/ab89dd41-3f39-4b94-8ab6-c0ad9858f818/samba-to-active-directory-migration-with-a-bit-of-nt-4-in-there-too?forum=winserverMigration
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39734881
* Log into the PC as Domain Admin (this is another spot where there are often problems - sometimes it take 3 or 4 restarts/gpupdate before the Domain Admin password is pushed from policy)
Do you mean local admin user's password?  You don't need to sync the DA password on the workstation.

* Log in as user (can take up to 15 minutes to build a profile, which is a roaming profile stored on a share created via GP)
This tells me there's something wrong.  Seriously 15 mins to build a new profile when the user first logs in?  What speed is your network connection?  Is your profile server using local storage?
0
 

Author Comment

by:FFCIT
ID: 39736342
We've already created the users in AD (they are all OWA users).  Didn't realize there was a migration tool for AD - we'll look into it.

Yes, we are assigning the local Admin password via policy (not the DA password - I mis-spoke)
Network connections are all fast ethernet or GB, and I believe the profiles are being stored on a SAN, but we don't have any other network performance issues.

I am going to look at the Resultant Set of Policy for a test workstation - I get the sense that there is something wrong with the machine policy that is causing an issue.
0
 

Author Closing Comment

by:FFCIT
ID: 39763880
Didn't realize the ADMT could be applied to non-AD domains.  We'll look into this as a solution, but it apparently will only run on Server 2008, so we'll have to weigh the benefits of using the tool, vs. just hammering away a user at a time.

Thanks for the comments.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
An article on effective troubleshooting
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question