Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

What is the best way to convert workstations/users with roaming profiles from a Samba domain to an AD domain

Posted on 2013-12-20
4
Medium Priority
?
447 Views
Last Modified: 2014-01-07
We are converting 200+ users from a Samba 3.5.6 domain to AD running on Windows 2012.  So far, it has been a spotty process, with issues pulling group machine and user policies, multiple re-boots, corrupted roaming profiles, etc.

The steps we are currently taking are:
   * Copy user's favorites and local files to a network directory
   * Log into PC (Win 7) as local Admin, and create new DNS entries for AD
   * Set the domain to WORKGROUP, restart, and join PC to the AD domain (FOG.Local)
   * On the AD server, move the newly joined machine to the OU that gets policy, run gpupdate and restart the PC
   * Log into the PC as Domain Admin (this is another spot where there are often problems - sometimes it take 3 or 4 restarts/gpupdate before the Domain Admin password is pushed from policy)
   * Log in as user (can take up to 15 minutes to build a profile, which is a roaming profile stored on a share created via GP)
   * Restore favorites and local files from network, and user is good to go

Once the conversion is done, the user doesn't have any trouble logging into FOG.Local, but we have a ton of users, and it can take an hour or more to convert one user machine, so to convert everyone to AD will take months.  It seems like there should be a much more streamlined process (or even a utility?) to make this go faster.  Are we doing something wrong or missing a step?
0
Comment
Question by:FFCIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Patrick Bogers earned 900 total points
ID: 39733536
Hi

Did you migrate the users from samba to windows using the ADMT tool or did you manually create the new users in ad?
If the latter is the case i am afraid you have some manual adding to do.

If you still are in the position to automate it please have a look below for the appropiate steps.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/ab89dd41-3f39-4b94-8ab6-c0ad9858f818/samba-to-active-directory-migration-with-a-bit-of-nt-4-in-there-too?forum=winserverMigration
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39734881
* Log into the PC as Domain Admin (this is another spot where there are often problems - sometimes it take 3 or 4 restarts/gpupdate before the Domain Admin password is pushed from policy)
Do you mean local admin user's password?  You don't need to sync the DA password on the workstation.

* Log in as user (can take up to 15 minutes to build a profile, which is a roaming profile stored on a share created via GP)
This tells me there's something wrong.  Seriously 15 mins to build a new profile when the user first logs in?  What speed is your network connection?  Is your profile server using local storage?
0
 

Author Comment

by:FFCIT
ID: 39736342
We've already created the users in AD (they are all OWA users).  Didn't realize there was a migration tool for AD - we'll look into it.

Yes, we are assigning the local Admin password via policy (not the DA password - I mis-spoke)
Network connections are all fast ethernet or GB, and I believe the profiles are being stored on a SAN, but we don't have any other network performance issues.

I am going to look at the Resultant Set of Policy for a test workstation - I get the sense that there is something wrong with the machine policy that is causing an issue.
0
 

Author Closing Comment

by:FFCIT
ID: 39763880
Didn't realize the ADMT could be applied to non-AD domains.  We'll look into this as a solution, but it apparently will only run on Server 2008, so we'll have to weigh the benefits of using the tool, vs. just hammering away a user at a time.

Thanks for the comments.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question