Migrating users (and groups, computers, policies, etc.) from an existing Samba Active Directory (AD DC) to a new Samba AD DC server
Migrating users (and groups, computers, policies, etc.) from an existing Samba Active Directory (AD DC) to a new Samba AD DC server depends on whether you want to:
1. Add a new Samba AD server and join it to the same domain (recommended, keeps all users and objects intact).
2. Do a manual migration (export/import LDAP + sysvol, useful if you cannot connect the servers).
✅ Recommended Method: Join New Samba DC and Demote Old One
Steps:
1. Prepare new server
- Install the same Samba version as the old server, or a newer one.
- Ensure DNS resolution and NTP sync are working between both servers.
2. Join new server as an additional DC
samba-tool domain join yourdomain.local DC -U"Administrator"
- This will replicate users, groups, computers, and DNS zones automatically.
3. Check replication health
samba-tool drs showrepl
samba-tool domain level show
Make sure inbound/outbound replication works.
4. Transfer FSMO roles to new server
On the new DC:
samba-tool fsmo transfer --role=all
Verify:
samba-tool fsmo show
5. Migrate Sysvol
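Samba does not replicate Sysvol through FRS as Windows does; it is kept in sync with rsync instead, and you may need to run that sync manually from the old DC. The -X and -A options preserve the extended attributes and ACLs that Sysvol permissions are stored in, and --delete removes anything on the new DC that is not present on the old one: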
rsync -XAavz --delete /var/lib/samba/sysvol/ root@new-dc:/var/lib/samba/sysvol/
6. Demote old DC (optional)
Once everything works:
samba-tool domain demote -U"Administrator"
❎ Alternative: Manual Migration (if replication not possible)
If you cannot connect both servers:
1. Backup old Samba AD database
samba-tool domain backup online --targetdir=/root/samba-backup/
or offline with:
samba-tool domain backup offline --targetdir=/root/samba-backup/
2. Restore on new server
On the new Samba server:
mv /var/lib/samba /var/lib/samba_old
mkdir -p /var/lib/samba
samba-tool domain backup restore --backup-file=/root/samba-backup/samba-file-backup.tar.bz2 --targetdir=/var/lib/samba --newservername=NewServerName
3. Copy Sysvol
rsync -XAavz /var/lib/samba/sysvol/ newserver:/var/lib/samba/sysvol/
4. Update DNS / Kerberos configs
Adjust /etc/krb5.conf, /etc/hosts, and smb.conf to reflect the new server hostname.
✅ Things to Double-Check After Migration
- samba-tool drs showrepl → replication success
- samba-tool user list → all users visible
- samba-tool group list → groups intact
- wbinfo -u and wbinfo -g → winbind lists users/groups
- Client authentication (Windows/Linux machines still log in correctly)
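The replication and user/group checks above can be scripted against saved command output, so the result is recorded before the old DC is demoted. This is an added example, not part of the original post: it assumes the text layout printed by samba-tool drs showrepl (a naming-context line, a partner line ending in "via RPC", and an "N consecutive failure(s)." counter), the function names are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and all sample data is constructed.

# Read `samba-tool drs showrepl` text on stdin and print one line per
# replication link whose "consecutive failure(s)" counter is above zero:
#   <INBOUND|OUTBOUND> <naming context> <partner> <failure count>
repl_failures() {
    awk '
        /^==== (INBOUND|OUTBOUND) NEIGHBORS ====/ { dir = $2 }
        /^(DC|CN)=/                { nc = $1 }       # naming context header
        / via RPC$/                { partner = $1 }  # Site\DCNAME
        /consecutive failure\(s\)/ { if ($1 + 0 > 0) print dir, nc, partner, $1 + 0 }
    '
}

# Compare two saved lists (one name per line), e.g. `samba-tool user list`
# captured on the old DC ($1) and on the new DC ($2).
# Prints "-name" for accounts that went missing and "+name" for unexpected ones.
account_diff() {
    a=$(mktemp) && b=$(mktemp) || return 1
    LC_ALL=C sort -u "$1" > "$a"
    LC_ALL=C sort -u "$2" > "$b"
    LC_ALL=C comm -3 "$a" "$b" |
        awk -F'\t' '{ if ($1 != "") print "-" $1; else print "+" $2 }'
    rm -f "$a" "$b"
}

# Constructed sample in the layout printed by `samba-tool drs showrepl`.
sample_showrepl() {
    cat <<'EOF'
Default-First-Site-Name\NEWDC

==== INBOUND NEIGHBORS ====

DC=yourdomain,DC=local
    Default-First-Site-Name\OLDDC via RPC
        Last attempt @ Mon Jan  1 10:00:00 2024 UTC was successful
        0 consecutive failure(s).

CN=Configuration,DC=yourdomain,DC=local
    Default-First-Site-Name\OLDDC via RPC
        Last attempt @ Mon Jan  1 10:00:00 2024 UTC failed, result 2 (WERR_FILE_NOT_FOUND)
        3 consecutive failure(s).
EOF
}

sample_showrepl | repl_failures
```

On a live DC, pipe the real output in (samba-tool drs showrepl | repl_failures) and save samba-tool user list and samba-tool group list from both servers as input for account_diff.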