Migrating from Linux domain to Server 2012 - any way to preserve existing SIDs?

In preparation to bring outsourced Exchange in house, we are bringing up a proper Windows Server 2012 DC and AD.  Company operates a hybrid Linux/Windows network with Samba providing main Windows integration capability.  We are basically working on reversing the relationship: i.e. Windows Server 2012 DC and AD w/ Exchange with majority of user workstations Windows and majority of LAN server resources Linux (CentOS mostly), including the NFS.

In order to avoid realigning the bulk of the existing NFS, especially user home directories, I am trying to find out whether or not I can set new AD objects (users/computers) with old SIDs.  I know that the ADMT worked to migrate AD-like objects from Samba 3 (maybe 4) to Server 2008, but as of yet I have not heard of ADMT's availability on Srvr2012 or its equivalent.

Any suggestions would be helpful, but I accept at this point that I might have to re-create the whole thing...

April 11th, 2013 11:18pm

Up till today, ADMT 3.2 (latest) is not supported on Server 2012. http://technet.microsoft.com/en-us/library/active-directory-migration-tool-versions-and-supported-environments(v=ws.10).aspx

I would suggest deploying a Server 2008R2 DC to migrate your objects and later on removing that DC again. A 2008R2 trial can be used in a VM, which would make it a cost-free solution. That is, if your DFL is not on

April 12th, 2013 1:55am

And, as a workaround, may I suggest you consider getacl/sed/setacl on your Linux box to reset FS permissions if all else fails?

April 15th, 2013 4:35am
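An added example of the ACL-dump workaround suggested in the post above (not code from the thread): it rewrites numeric owners in a `getfacl -R -n` dump so that `setfacl --restore` can reapply it. It uses a single awk pass in place of chained sed substitutions, so one id is never rewritten twice or matched as part of a longer id. The map file format, the ids and the function names are assumptions of this example.

```shell
#!/bin/sh
# Workflow (run as root so that --restore also resets owner and group):
#   cd / && getfacl -R -n home > acl.dump
#   remap_acl_dump id.map acl.dump > acl.new
#   cd / && setfacl --restore=acl.new
# Map file format (assumed for this example): "<u|g> <old_id> <new_id>" per line.

remap_acl_dump() {   # $1 = id map file, $2 = getfacl dump; result on stdout
    awk '
        FILENAME == ARGV[1] {                 # first file: load the id map
            if ($1 == "u" || $1 == "g") map[$1 ":" $2] = $3
            next
        }
        /^# owner: [0-9]+$/ { if (("u:" $3) in map) $3 = map["u:" $3]; print; next }
        /^# group: [0-9]+$/ { if (("g:" $3) in map) $3 = map["g:" $3]; print; next }
        /^(default:)?(user|group):[0-9]+:/ {  # named ACL entries only
            n = split($0, f, ":")
            i = (f[1] == "default") ? 2 : 1   # index of the user/group tag
            key = ((f[i] == "user") ? "u" : "g") ":" f[i + 1]
            if (key in map) f[i + 1] = map[key]
            line = f[1]
            for (j = 2; j <= n; j++) line = line ":" f[j]
            print line
            next
        }
        { print }                             # file names, user::, mask, other
    ' "$1" "$2"
}

demo() {   # constructed sample data, not taken from the thread
    d=$(mktemp -d)
    # 1001 -> 1002 and 1002 -> 1003 overlap on purpose: sequential sed
    # substitutions would turn 1001 into 1003; 11001 must stay untouched.
    printf 'u 1001 1002\nu 1002 1003\ng 1001 30001\n' > "$d/map"
    printf '%s\n' '# file: home/alice' '# owner: 1001' '# group: 1001' \
        'user::rwx' 'user:1002:r-x' 'user:11001:r--' 'group::r-x' \
        'default:group:1001:r-x' 'other::---' > "$d/dump"
    remap_acl_dump "$d/map" "$d/dump"
    rm -rf "$d"
}

demo
```

Ids that are absent from the map pass through unchanged, so the rewritten dump can be diffed against the original before anything is restored.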

ADMT is not supported on Server 2012, but you can create a temporary VM with Server 2008 which will have ADMT and SQL on it and use it for migration to a DC on Server 2012.

Things that are worth testing:

1. Virtualise your Samba DC and one client machine

2. Set lab environment for those 2 VMs

3. Make sure that your Samba DC is configured properly (https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Joining_a_Windows_Domain_Controller_as_an_Additional_DC_in_a_Domain)

4. Add Server 2012 DC to lab environment

5. Add Server 2008 with ADMT to lab environment

6. Check AD replication; as an additional test, install RSAT on the Server 2008 VM and try to hook up to the Samba DC

7. Check whether the SIDs match on both DCs for user and computer accounts

8. Test migration

Another way is to export all objects from Samba DC with their properties and to import them on Windows DC. Useful article: http://support.hp.com/us-en/document/c04056769?openCLC=true

February 7th, 2015 4:51am
