Topic: How would you approach this?

[gbentley]

Hi, I have come across a small company still using Window 2000 Server SBS on a very old Dell box!!!

I have figured that it is only actually providing three services as a PDC;

* DHCP
* Login Scripts
* User Profiles

I know I can do the first two on SME however the User Profiles are a bit of an issue...

I have been told that it is not possible to take users machines off the domain and force them to create new profiles etc [nor do they want me to do that for them]

This begs the question - if this box is removed how much of the users profile is cached locally and does this include admin user / pass privs?

Or to put it another way, is there a way to avoid having to re-create the user profiles?

Any advice greatfuly received!

[Stefano]

Maybe I'm missing something, but what about copying profiles? They are just directories..
About domain, you'd use the same SID on SME.. Be aware you've to use all the same  SIDs

[Jáder]

I have interest in know a lot MORE about how to change HARDWARE and keep same SSIDs (change after install on new server) to avoid loose trust between server and computers. If you (STEFANO) can help me about this I appreciate.

For now, I can suggest gbentley to search about ProfWiz.
It a free tool to move profiles from local to network domain.

This way a user with a local profile can join a domain and loose nothing in process.
I´m not sure it could work from domainA to domainB, but that it´s easy and painless to test:
1) create a new user on a test machine (nothing bad should happen on that machine, but we´re joining it to domain and removing, so I´m calling it a test machine);
2) login as this new user
3) change preferences, save things on desktop, create files and save on "my documents" of this profile
4) login as local admin
5) copy profwiz to your desktop and run it
6) migrate that newuser profile to domain (profwiz join machine to domain in process!).
7) after some reboots, you´ll know if you´re Ok
8 ) if everything it´s OK, donate something to SME project ... I´ll appreciate this as much as an Amazon gift from my wishlist !

[Stefano]

I have interest in know a lot MORE about how to change HARDWARE and keep same SSIDs (change after install on new server) to avoid loose trust between server and computers. If you (STEFANO) can help me about this I appreciate.

well, if you change hw you've only to restore a good backup.. nothing more
SME's own backup has everything needed inside

about migrating from a windows DC to a SME DC, I'd approach in this way:
- install SME and configure it as a domain controller: be sure it's disconnected from the lan and that the domain name is the same and that roaming profiles are enabled.
- on windows side, get the domain SID
- on SME side, change the domain SID with the one you found before
- create all the user needed and the machine accounts.. for each one you have to find the SID on windows and change it on SME
- copy users' profiles from windows to SME.. be sure to change permissions and ownership accordingly

disconnect windows server from the lan and connect SME.. if everything is ok, you'd be able to auth your users..
to test it create a test user on SME and try to login using its credentials

NOTE: not tested, should work
NOTE2: roaming profiles are prone to problems and M$ doesn't do anything to make things easier.. be aware that different clients (IOW different windows flavour) have different profiles.. when you create an user on SME, you'll find that it has in /home/e-smith/files/samba/profiles many folders

please read here: http://www.linuxtopia.org/online_books/network_administration_guides/samba_reference_guide/34_ProfileMgmt_16.html

[gbentley]

Thinks for the tips so far

Maybe I did not make my question clear though so will re-phrase;

Is it possible that I can remove the PDC permanently [and not replace they dont actually need a PDC: Login scripts can be local just mapping other NAS boxes, DHCP can be done on router] but have the user login with their existing desktops, settings, profile etc and still be able to do admin tasks - all from locally cached data?

Bear in mind that this is a live env with about 30 staff. I have been told there must be no disruption to work flow 

Eggs and omlettes come to mind!

Edit: This https://community.spiceworks.com/topic/376109-cannot-contact-domain-controller-how-to-log-in-if-you-don-t-have-local-admin

seems to suggest that as long as an account has previously been logged into the PDC that local cached creds will be used.

Where as this list seem mostly not relevant in my case;

http://serverfault.com/questions/538122/how-do-windows-domain-clients-behave-if-the-dc-is-offline

[ReetP]

Thinks for the tips so far

Bear in mind that this is a live env with about 30 staff. I have been told there must be no disruption to work flow 

Eggs and omlettes come to mind!

You can't do the impossible, and they should have upgraded years ago.... that's their fault, not yours !

Think a good test environment to duplicate it all will be worth the time effort and to try and minimise disruption. No, it may not come cheap, but then zero disruption will never be cheap

Confuscious say 'company needing zero disruption needs IT guru prepared to work 24/7 inc weekends. Such a man needs much luck does he'

[gbentley]

Thanks to Jader I have been testing out Profile Wizard today which makes this real easy. I can migrate the domain accounts to local accounts and apart from the login screen the user wont notice much difference at all. I can then install the login script locally and set the IP as static.

This all means that I can work through the machines a few at a time until they are all done [back to a peer-to-peer network] at which point I can simply remove the old PDC!

Phew! Saved by the SME forum yet again!



NB I moved to monthly donations last month as its well worth it for the great support / help here

[ReetP]

Excellent news then !

Well done.

[Jáder]

It´s nice to see you could use my tip: I found ProfWiz when moving 45 users from Win to SME: was a wonderful help... mininum disruption and user problems.
I was not aware it could be used to move from domain to local ! Thanks by the info.

regards

Jáder