Re: save sID during migrating from Samba to ADS to sIDHistory
- From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Sat, 17 Mar 2007 03:44:45 +0100
you would need to pre-create the computer account and designate it to a BDC
and then start installing the NT4 OS while choosing to install a BDC. is
that possible in SAMBA?
No, a w2k/w2k3 cannot be a BDC. To introduce w2k/w2k3 DCs you need to
upgrade the PDC first and after that you can introduce additional w2k/w2k3
DCs
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Björn Urbanek" <BjoernUrbanek@xxxxxx> wrote in message
news:utuFDLKZHHA.5080@xxxxxxxxxxxxxxxxxxxxxxx
Hello Joe!
An other questing regarding this topic.
I tried to set up an NT BDC, but it will be not possible during the win NT
Server setup.
In generall I'm able to join the target domain.
So ist one of this things possible:
Setup an BPDC without creating an computer account, because there is still
existing? (in Samba you have to create the computer accounts for WinNT
manually before you can join the Domain).
Or is it possible o make an WinNT Domain Member server to the NT BDC if he
is still det uped?
Is it possible to use Windows Server 2000 as BDC for an WinNT4 Domain? (I
think that isn't possible, but I could be wrong in this point)
Thank you very mutch!!
Björn
Joe Richards [MVP] schrieb:
If Samba will let you set up an NT BDC like that and then you can dump
the SAMBA server and promote the NT BDC to PDC, yes then you should be
able to migrate.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Björn Urbanek wrote:
Hello Joe,
Thanks for your message. So one way could be to set up an Win NT DC as
BDC for the SAMBA DC an using this one for the replication the the ADS?
Thanks... Bjoern
Joe Richards [MVP] schrieb:
I don't believe you are going to be able to maintain those SIDs unless
you can get a Windows NT DC to replicate from the SAMBA server. It just
isn't designed to work with SAMBA and there are massive security
concerns around this functionality so it is considerably locked down to
try and assure things are done as securely as possible. All MSFT tools
and most third party tools will have the same limitations as they are
low level OS requirements. Quest *might* have something to side step
this because they have tools that do things in sneakier ways and not
necessarily supported ways.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Björn Urbanek wrote:
Hello together,
we want to migrate vom an Samba3 server to ADS and its necessary to
save the old sIDs in teh sID History.
During the migration with ADMT it always appears the following error:
(translated from german)
"Its not possible to migrate the SIDs, because the auditing and
'TcpipClientSupport' in the Domain was not confirmed. The system can
not find the specified file"
An bidirectional domain trust between the old and the new doamin is
arranged successful.
I think thats is an problem with SAMBA, because on the smaba server I
can't set an registry value.
So I have tried to use "sidhist.vbs" from the support tools. But here
appears the following error:
____
Connected
Error 0x80072158 occurred.
Error Description: Failed to add the source SID to the destination
object's SID
history. The error was: "You have to activate auditing in the target
domain" (translated from german)
Error HelpContext: 0
Error HelpFile :
Error Source : DSUtils.ClonePrincipal.1
____
So far so good, but I have already activated the auditing in the
target domain in the default domain policies. The error still appears.
:-(
Have anybody an idea to solve this problem?
Thanks a lot!
*Bjoern*
.
- References:
- save sID during migrating from Samba to ADS to sIDHistory
- From: Björn Urbanek
- Re: save sID during migrating from Samba to ADS to sIDHistory
- From: Joe Richards [MVP]
- Re: save sID during migrating from Samba to ADS to sIDHistory
- From: Björn Urbanek
- Re: save sID during migrating from Samba to ADS to sIDHistory
- From: Joe Richards [MVP]
- Re: save sID during migrating from Samba to ADS to sIDHistory
- From: Björn Urbanek
- save sID during migrating from Samba to ADS to sIDHistory
- Prev by Date: Re: Backup and restor AD
- Next by Date: Re: AD Consolidation Question
- Previous by thread: Re: save sID during migrating from Samba to ADS to sIDHistory
- Next by thread: roaming profile replication
- Index(es):
Relevant Pages
|
