
mstevensfullarmor 07-17-2006 03:36 PM

Replacing a Windows Domain Controller with a Linux:OpenLDAP importing from Windows AD
I am trying to import Active Directory data from a Windows domain controller into an OpenLDAP server. The goal is to replace the Windows DC with a Linux server. I have searched around on the web and not found a blog/walkthrough/cookbook post on how to do this. It seems like a common task. If OpenLDAP is not the right product, please tell me the right one and point me at a walkthrough.

This needs to support 2K data (i.e. group policy), not just the NT 4 Domain controller functions.

As an alternative, if there is a way to create group policy within a Linux-based domain controller, that would be sufficient for a proof of concept to the boss for getting Linux to replace Windows as a server, and I can manually recreate the group policies in the Linux environment. The critical thing is that it needs to work without installing new stuff on the client. Again, please point me at a walkthrough for doing this (or post one as a reply).

jstephens84 07-17-2006 10:09 PM

If I remember right, group policies are only valid for Windows 2000 Server and Windows Server 2003. Microsoft uses their own modified LDAP software.

As for the transfer of users, you may want to look into replicating information. It may be able to be done. OpenLDAP will be your best bet, though. Try this; it may help.

StevenPritchard 07-24-2006 08:46 PM


Originally Posted by mstevensfullarmor
This needs to support 2K data (i.e. group policy), not just the NT 4 Domain controller functions.

You'll need Samba 4 (currently in development) for that.

mstevensfullarmor 07-26-2006 04:27 PM


Thanks for the suggestions. Samba 4 is still too early in development to be useful. I haven't yet gotten OpenLDAP to be able to import a Microsoft schema. There are a number of variances from the spec (some of which M$ documents), and thus the core.schema is not able to be used. No one seems to have successfully replicated AD with group policy with OpenLDAP.

zer0hmz 07-26-2006 10:14 PM

This is my opinion and strictly my opinion. If I were your boss I wouldn't feel comfortable with replacing such a critical part of my technology infrastructure with a technology that my staff doesn't feel comfortable supporting. I'm not sure how large your environment is, but that is a really risky migration, especially if you're not totally comfortable with it.

NOW, with that said, I'll admit, when I read the opening post, I was very intrigued :) I've been sysadmin'ing Windows environments for a while now and just recently dived into the Linux swimming pool. The more I use it, the more I am amazed at what it can do (particularly the Samba technology!)

Good luck with your project, definitely keep us posted on it

jstephens84 07-26-2006 11:48 PM

After reading zer0hmz's post, I say that he made a rather good point. This is going to be done in a test environment first, right? I personally never do things in a live environment before it is tested, retested and I am happy with the results.

mstevensfullarmor 07-27-2006 10:26 AM

Yes folks, test environment first. I have a small separate net that I am going to clone the Windows server on, remapping machines in a slow progression to check scaling. Proof of concept first, then cut over. Linux to Linux I understand, Linux to Windows Server is well documented, Windows to Windows works (but crashes far too often). But putting the Linux box in its proper role (IMHO) as the reliable invisible server has so far eluded me. Linux+Apache is far superior to Windows+IIS. Old Samba as a file server works well. It's the AD functions that elude me.

jdm13 09-09-2006 12:47 PM

Hello, maybe this helps you, but you have to pay...

mstevensfullarmor 09-11-2006 02:23 PM

Thank you so much for the pointer. It looks promising. It is not free, but sometimes pay solutions that leverage open source are the best option. It uses OpenLDAP on the back end.

knightsamar 08-27-2009 05:41 AM

Hey, any updates on this thread ?

I am trying to do the same thing and found something worth a look: OpenLDAP with Linux and Windows

chrism01 08-28-2009 12:14 AM

Actually, that's pretty old 'August 5th, 2002' & Samba TNG (precursor to v3) and ldapv1.2.
Still a good read though.

This is Samba 3, and Samba & LDAP v2

otaku1 02-07-2010 01:47 AM

This will help you just follow the instructions it works like a charm

elwarreno 01-26-2012 06:08 PM

Have you looked at Resara Server? It's a free/open-source Linux domain controller based on Samba 4. It's been around for a year now and seems to be developing a following.

custangro 02-08-2012 05:54 PM

Another solution

cbtshare 02-15-2012 07:05 PM


Originally Posted by otaku1 (Post 3855375)
This will help you just follow the instructions it works like a charm

This works best... but why would you want to do this? Windows AD with group policy and other management tools is better but less stable than Linux acting as an AD server. So why do this when you can simply use Samba and authenticate against Windows AD?
