Re: [Samba] Migrating from Samba 3: no groups/users are imported ("listed, but then not found", "does not belong to our domain")

Rowland Penny via samba wrote 2018-09-06 14:37:
On Thu, 06 Sep 2018 12:22:11 +0700
Konstantin Boyandin via samba <samba@xxxxxxxxxxxxxxx> wrote:

Rowland Penny via samba wrote 2018-09-05 15:56:
> On Wed, 05 Sep 2018 15:26:30 +0700
> Konstantin Boyandin via samba <samba@xxxxxxxxxxxxxxx> wrote:
>> Exactly that. I need to create a separate domain; after all the
>> checks are done that switching to it works, the computers will
>> rejoin the new domain. Our Samba 3 domain is used for years; since
>> Window 10 is unable to join it any more, we are finally migrating
>> everything to Samba 4.
> Then you might as well just provision a new domain, dump your users,
> groups etc to a file. Write a script to parse the file and then add
> them to your new AD.

Current approach does import users and groups; it only fails to
assign users to groups properly. It can do already, but I would
prefer less manual interaction.

>> Note: every user belongs to "Domain Users" group, other group
>> memberships are lost.
> Yes, every AD users primary group is Domain Users, your other
> problem is very probably being caused by the way you are trying to
> bend the classicupgrade upgrade script

I am not sure what I am "bending".

The whole idea behind a classicupgrade is that you start with an
NT4-style PDC and end up with an AD DC. Your users, groups, etc have
the same RID's, the domain has the SID, all passwords are retained,
all RFC2307 attrinutes are retained and finally, the clients do not

The classic upgrade did fail in exactly the same way even when I
tried to do it literally as the corresponding guide tells:

Then there must be something wrong with your PDC, perhaps it was just
too old.

samba-3.6.23 based (CentOS 6).

In any case, re-adding users to groups manually is a lesser evil, it can be done in batch mode.


