Re: Connection to a SAMBA Active Directory



That's likely true, although SAMBA will make it look like it's just another
Winnt4 domain controller machine and does have some interactions with Active
Directory and has some LDAP (which in theory can hold whatever schema it
wants to); can be pretty slick actually. Newer versions of Samba look even
more like AD. Good enough to let some deployments have mixed mode
multi-functional etc domains/forests, etc, that include some Active
Directory components but not enough to deploy Exchange. Exchange requires
(requires; as in it is not an option whether or not to include Active
Directory) Active Directory. It's recommended that it be native mode/DFL
2003, whatever the latest marketing message is able to handle universal
groups.

If you were to have a deployment that had an Active Directory DC that held
all the roles etc, and off that a sub-domain or child domain of that parent
that was SAMBA, I'm not sure anybody would care. Sure it's not supported,
but... But if you tried to have AD be in the SAMBA domain, I'm thinking
you'll run into the issues as John points out and won't be able to deploy
and maintain SAMBA in that domain. SAMBA's a hack designed to let you run NT
4 style domains. It was updated, but....

I don't think you're a moron (original poster) for what it's worth. It's
very confusing what will integrate and how. There's a ton of documentation
about all of this, but it's not typically very clear especially coming from
the direction and background you're coming from. I suspect years from now
somebody from Microsoft will come out with a great set of bluebooks and say
something along the lines of, "Yeah, the documentation around this was
horrible in the past. That's all fixed in this 1.0 release of ...." Or
something similar.

Here's an example of the confusion that gets caused: "A more scalable
domain control authentication backend option might use
Microsoft Active Directory or an LDAP-based backend. Samba-3 provides for
both options as a domain member server. As a PDC, Samba-3 is not able to
provide an exact alternative to the functionality that is available with
Active Directory. Samba-3 can provide a scalable LDAP-based PDC/BDC
solution." Clear, right? I got that from
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2524167

In the end, you'll have to deploy Active Directory. You would be best served
to use a fresh installation-and-migration approach vs. trying to install in
the same SAMBA domain. It's a little more work yes. However, it allows for
your clients to learn the product (they think they know now I'm sure, but
then, why bother with you? :) and it allows for a clean start. Believe me,
with Exchange and Active Directory, you'll want that especially in an
environment where they're likely to be hostile towards Microsoft products at
some level or at the very least, wary and wondering why they are told to
deploy it.

A domain trusted domain might work, but I'd strongly suggest they just
consider one for simplicity's sake. And be sure to recommend that they deploy
at least two DC/GC's! The use of Centrify or Vintella software might ease
the integration somewhat as well.

Good luck.

Al

"John Fullbright [MVP]" <fjohn@donotspamnetappdotcom> wrote in message
news:ejn9YsRjGHA.4716@xxxxxxxxxxxxxxxxxxxxxxx
I suspect it's the ldap server that ships with Linux and other eunuchs.
You often see it in combination with sendmail.

Not a chance.


"Paul Goldman" <paulgoldman1948@xxxxxxxxxxx> wrote in message
news:VQDig.10186$Z67.790@xxxxxxxxxxxxxxxxxxxxxxx
Sorry to sound like such a moron, but I've never heard of this
environment. I'm strictly a Windows person.

Are you saying that you don't think I can add into that environment a 2nd
domain controller on a real Windows box and have it replicate? And then
change the schema via ForestPrep and DomainPrep?

Thanks.
"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:egyx4eAjGHA.1276@xxxxxxxxxxxxxxxxxxxxxxx
Wow. Such a contradiction in terms it's really hard to know where to
begin. There is no such thing as a SAMBA active directory. SAMBA is an
emulator and as such will emulate to the best of its ability. It will be
deficient in some areas.

I would not suggest to the client that this is OK. Far from it because
if you get it to work (doubtful) you'll leave them in an awkward state
where they can't get support. Exchange is only supported on Active
Directory. That's it. Nothing else. Not ADAM, not LDAP, but Active
Directory.

That said, you *might* have some luck with option 4: create a new AD
forest, deploy Exchange into it and allow them to logon by presenting
credentials at logon to the mailbox data. RPC/HTTP is a likely protocol
to explore.

The reverse could also be done, and by that I mean migrate their
workstations, servers, Macs, and nix boxes to the AD and then install
Exchange in there.

Al




"Paul Goldman" <paulgoldman1948@xxxxxxxxxxx> wrote in message
news:oIiig.10090$Z67.5300@xxxxxxxxxxxxxxxxxxxxxxx
I have a new client who wants me to install an Exchange server in their
infrastructure. They currently have a simulated AD using Samba to front
end a Linux-based LDAP directory. They have about 50 XP Pro workstations
that log into the domain. There are also 2 Windows member servers in the
domain. In addition, they have about 5 Macs and 10 Linux desktop
machines.

Does anyone have experience in this area? Will I be able to install an
Exchange server in the existing infrastructure? I figure I have 3
options.

1. Install Windows 2003 Server. Join the existing domain. Install AD on
the new Windows 2003 Server. See if it replicates. Try to install
Exchange 2003 Server. If the domainprep and forestprep work, then
everything should be OK (theoretically).

2. If the above fails, install Windows 2003 Server, create a new
domain. See if I can create a 2-way trust between the SAMBA domain and
the new domain. If that works, then proceed with Exchange installation
and migrate accounts over via ADMT.

3. If 2 fails, install Windows 2003 Server, create a new domain. Create
new accounts on new domain either manually or via LDIF export from
existing LDAP. Have users give new domain credentials when they launch
Outlook or Outlook Web Access.

Am I on the right track? Does anyone have any different or better
ideas?

Thanks.











