The SAMBA-LDAP-PDC Howto
Revision : 1.24
17 Migration
In this section, we’ll describe how to migrate from a Microsoft Windows NT PDC Server to a
Samba+LDAP Domain Controller, in two different use cases:
• migration from a given Domain (the old one) to another (the new one),
• the same Domain is used
In both cases, emphasis must be placed on transparency of migration: movement to the new
system (Samba+LDAP) should be accomplished with the absolute minimum of interference
to the working habits of users, and preferably without those users even noticing that it has
happened, if feasible.
In both cases, migration concerns the following information:
1. user accounts (humans and machines),
2. groups and group members,
3. user logon scripts,
4. user profiles (NTUSER.DAT),
5. all data,
6. all shares and share permission information,
7. all NTFS ACLs used by users on shares.
17.1 General issues
17.1.1 Users and machines accounts
Dumping the Microsoft Windows NT registry with PWDUMP
User and machine accounts can be extracted from the Microsoft Windows NT SAM database using the pwdump
utility: this handy utility dumps the password database of an NT machine, which is held
in the NT registry, into a valid smbpasswd format file. This utility may be downloaded
from ftp://ftp.samba.org/pub/samba/pwdump/. We use it instead of the net /domain NT
command because we want to retrieve the LANMAN and the NT passwords and leave them
unchanged during the migration.
This utility must be run as ’Administrator’ on the PDC where the SAM to be migrated resides.
It dumps NT password entries in the format:
<user>:<id>:<lanman pw>:<NT pw>:<comment>:<homedir>:
Where:
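Added example (not part of the original howto): a Python checker that validates a pwdump output file against the entry format shown above before it is imported, separating human and machine accounts and reporting malformed lines. The '$' suffix for machine accounts, the 32-hex-digit hash length, the handling of extra colons in the home directory, and all sample names and values are assumptions made for this example.

```python
import os
import re
import stat

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")  # assumption: a hash is 32 hex digits

def parse_entry(line):
    """Parse one <user>:<id>:<lanman pw>:<NT pw>:<comment>:<homedir>: entry."""
    parts = line.rstrip("\r\n").split(":")
    if len(parts) < 7 or parts[-1] != "":
        raise ValueError("expected six colon-terminated fields")
    user, rid, lanman, nt, comment = parts[:5]
    if not user or not rid.isdecimal():
        raise ValueError("missing user name or non-numeric id")
    return {
        "user": user,
        "id": int(rid),
        "machine": user.endswith("$"),  # assumption: '$' suffix = machine account
        "has_lanman": HEX32.fullmatch(lanman) is not None,
        "has_nt": HEX32.fullmatch(nt) is not None,
        "comment": comment,
        "homedir": ":".join(parts[5:-1]),  # assumption: extra colons are a drive letter
    }

def audit_dump(lines):
    """Return (entries, problems) so bad lines are reviewed before import."""
    entries, problems = [], []
    for n, line in enumerate(lines, 1):
        try:
            entry = parse_entry(line)
        except ValueError as exc:
            problems.append((n, str(exc)))
            continue
        if not entry["has_nt"]:
            problems.append((n, entry["user"] + ": no NT hash to carry over"))
        entries.append(entry)
    return entries, problems

def dump_is_private(path):
    """True if group/other have no access: the hashes are password-equivalent."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

# Constructed sample input (placeholder hashes, hypothetical names).
SAMPLE = [
    r"jdoe:1001:" + "0A" * 16 + ":" + "1B" * 16 + r":John Doe:\\PDC\jdoe:",
    "WKS01$:1002:NO PASSWORD*********************:" + "2C" * 16 + ":::",
    r"asmith:1003:" + "3D" * 16 + ":" + "4E" * 16 + r":Alice:H:\asmith:",
    "truncated:1004:" + "5F" * 16,
]
```

Run audit_dump over the dump once it has been copied to the Samba host, and check dump_is_private on the file first, since the LANMAN and NT hashes it holds are carried over unchanged.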
