Replacing a Windows Domain Controller with a Linux:OpenLDAP importing from Windows AD
I am trying to import Active Directory data from a Windows domain controller into an OpenLDAP server. The goal is to replace the Windows DC with a Linux server. I have searched around on the web and not found a blog/walkthrough/cookbook post on how to do this. It seems like a common task. If OpenLDAP is not the right product, please tell me the right one and point me at a walkthrough.
This needs to support 2K data (i.e. group policy), not just the NT 4 domain controller functions.
As an alternative, if there is a way to create group policy within a Linux-based domain controller, that would be sufficient for a proof of concept to the boss for getting Linux to replace Windows as a server, and I can manually recreate the group policies in the Linux environment. The critical thing is that it needs to work without installing new stuff on the client. Again, please point me at a walkthrough for doing this (or post one as a reply).
If I remember right, group policies are only valid for Windows 2000 Server and Windows 2003 Server. Microsoft uses their own modified LDAP software.
As for the transfer of users, you may want to look into replicating information. It may be able to be done. OpenLDAP will be your best bet though. Try this; it may help: http://enterprise.linux.com/article....id=101&tid=100
Thanks for the suggestions. Samba-4 is still too early in development to be useful. I haven't yet gotten OpenLDAP to be able to import a Microsoft schema. There are a number of variances from the spec (some of which M$ documents) and thus the core.schema is not able to be used. No one seems to have successfully replicated AD with group policy with OpenLDAP.
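Since AD's own object classes (user, group, the objectSid/objectGUID attributes and so on) are not covered by OpenLDAP's core schema, the usual workaround is not to load Microsoft's schema at all but to translate the exported entries onto the standard classes OpenLDAP already ships (inetOrgPerson, posixAccount, groupOfNames). The script below is an added example, not code from anyone in this thread. It assumes an LDIF export of the Users container (as produced by ldifde or ldapsearch), an OpenLDAP server with the core, cosine, inetorgperson and nis schemas loaded, and ou=People / ou=Groups containers under the same base DN; the sample LDIF, the attribute list and the uidNumber range are constructed for illustration.

```python
import base64
import re

# Constructed sample resembling an AD export: two users (one disabled) and one group.
AD_LDIF = """\
dn: CN=Jane Doe,CN=Users,DC=example,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Jane Doe
sn: Doe
givenName: Jane
sAMAccountName: jdoe
userPrincipalName: jdoe@example.local
mail: jdoe@example.local
objectGUID:: AAECAwQFBgcICQoLDA0ODw==
objectSid:: AQUAAAAAAAUVAAAA
userAccountControl: 512

dn: CN=Old Service,CN=Users,DC=example,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Old Service
sn: Service
sAMAccountName: svc-old
userAccountControl: 514

dn: CN=Staff,CN=Users,DC=example,DC=local
objectClass: top
objectClass: group
cn: Staff
sAMAccountName: staff
member: CN=Jane Doe,CN=Users,DC=example,DC=local
member: CN=Old Service,CN=Users,DC=example,DC=local
"""

# Attributes that exist with the same name and meaning in inetOrgPerson (assumed subset).
KEEP_USER_ATTRS = ("cn", "sn", "givenName", "mail", "displayName", "telephoneNumber")
ACCOUNTDISABLE = 0x2  # userAccountControl bit documented by Microsoft


def parse_ldif(text):
    """Minimal LDIF reader: list of {attr: [values]} dicts, dn stored under 'dn'.
    Handles 'attr: value', 'attr:: base64' and folded continuation lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:
                lines[-1] += line[1:]            # unfold continuation line
            elif line and not line.startswith("#"):
                lines.append(line)
        entry = {}
        for line in lines:
            m = re.match(r"^([A-Za-z][\w;-]*)(::?) ?(.*)$", line)
            if not m:
                continue
            attr, sep, val = m.groups()
            if sep == "::":
                val = base64.b64decode(val)      # binary value (objectSid, objectGUID)
            entry.setdefault(attr, []).append(val)
        if entry:
            entries.append(entry)
    return entries


def base_dn(dn):
    """Keep only the DC= components of an AD DN, lower-cased as OpenLDAP suffixes usually are."""
    parts = [p.strip() for p in dn.split(",") if p.strip().upper().startswith("DC=")]
    return ",".join("dc=" + p.split("=", 1)[1] for p in parts)


def convert(ad_entries, first_uid=10000, users_gid=10000):
    """Map AD users to inetOrgPerson+posixAccount and AD groups to groupOfNames.
    Returns (entries, disabled): disabled accounts are listed for manual review
    instead of being imported as live accounts. AD-only attributes are dropped."""
    dn_map = {}                     # old AD dn -> new OpenLDAP dn, used to rewrite members
    users, pending_groups, disabled = [], [], []
    next_uid = first_uid
    for e in ad_entries:
        classes = {c.lower() for c in e.get("objectClass", [])}
        old_dn = e["dn"][0]
        base = base_dn(old_dn)
        if "user" in classes and "computer" not in classes:   # computer objects are also 'user'
            if int(e.get("userAccountControl", ["0"])[0]) & ACCOUNTDISABLE:
                disabled.append(old_dn)
                continue
            uid = e["sAMAccountName"][0]
            new_dn = f"uid={uid},ou=People,{base}"
            dn_map[old_dn] = new_dn
            new = {"dn": [new_dn],
                   "objectClass": ["inetOrgPerson", "posixAccount"],
                   "uid": [uid],
                   "uidNumber": [str(next_uid)],          # assumed numbering scheme
                   "gidNumber": [str(users_gid)],
                   "homeDirectory": [f"/home/{uid}"]}
            next_uid += 1
            for a in KEEP_USER_ATTRS:
                if a in e:
                    new[a] = e[a]
            users.append(new)
        elif "group" in classes:
            pending_groups.append((e, base))
    out = list(users)
    for e, base in pending_groups:          # second pass so every member DN is known
        members = [dn_map[m] for m in e.get("member", []) if m in dn_map]
        if not members:
            continue                        # groupOfNames requires at least one member
        name = e["cn"][0]
        out.append({"dn": [f"cn={name},ou=Groups,{base}"],
                    "objectClass": ["groupOfNames"],
                    "cn": [name], "member": members})
    return out, disabled


def to_ldif(entries):
    """Serialize converted entries back to LDIF for ldapadd."""
    lines = []
    for e in entries:
        lines.append("dn: " + e["dn"][0])
        for attr, vals in e.items():
            if attr == "dn":
                continue
            for v in vals:
                if isinstance(v, bytes):
                    lines.append(f"{attr}:: {base64.b64encode(v).decode()}")
                else:
                    lines.append(f"{attr}: {v}")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    converted, skipped = convert(parse_ldif(AD_LDIF))
    print(to_ldif(converted))
    print("# disabled in AD, not imported:", skipped)
```

Two things this deliberately does not do: it cannot carry passwords (AD never returns unicodePwd over LDAP, so every migrated user needs a password reset or a separate authentication back end), and it says nothing about group policy, which lives in AD containers and the SYSVOL share rather than in user/group entries, which is why schema translation alone does not give the poster what the original question asks for.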
Man,
This is my opinion and strictly my opinion. If I were your boss I wouldn't feel comfortable with replacing such a critical part of my technology infrastructure with a technology that my staff doesn't feel comfortable supporting. I'm not sure how large your environment is, but that is a really risky migration, especially if you're not totally comfortable with it.
NOW, with that said, I'll admit, when I read the opening post, I was very intrigued. I've been sysadmin'ing Windows environments for a while now and just recently dived into the Linux swimming pool. The more I use it, the more I am amazed at what it can do (particularly the Samba technology!).
Good luck with your project; definitely keep us posted on it.
After reading zer0hmz's post, I'd say that he made a rather good point. This is going to be done in a test environment first, right? I personally never do things in a live environment before it is tested, retested and I am happy with the results.
Yes folks, test environment first. I have a small separate net that I am going to clone the Windows server on, remapping machines in a slow progression to check scaling. Proof of concept first, then cut over. Linux to Linux I understand, Linux to Windows Server is well documented, Windows to Windows works (but crashes far too often). But putting the Linux box in its proper role (IMHO) as the reliable invisible server has so far eluded me. Linux+Apache is far superior to Windows+IIS. Old Samba as a file server works well. It's the AD functions that elude me.
Thank you so much for the pointer. It looks promising. It is not free, but sometimes pay solutions that leverage open source are the best option. It uses OpenLDAP on the back end.
Have you looked at Resara Server? It's a free/open source Linux domain controller based on Samba4; it's been around for a year now and seems to be developing a following.
This works best... but why would you want to do this?? Windows AD with group policy and other management tools is better but less stable than Linux acting as an AD server. So why do this when you can simply use Samba and authenticate against Windows AD?