Author Topic: quick question on migrating server 2012r2  (Read 286 times)

killmasta93

  • Zen Apprentice
  • *
  • Posts: 25
  • Karma: +4/-0
    • View Profile
quick question on migrating server 2012r2
« on: December 06, 2019, 01:04:10 am »
Hi,
i was wondering if its possible to migrate users from 2012r2 to zentyal, i saw that the roles can only migrate if one has 2008r2, but not if migrating the users applies to that same concept?

Thank you

doncamilo

  • Zen Samurai
  • ****
  • Posts: 331
  • Karma: +68/-1
    • View Profile
Re: quick question on migrating server 2012r2
« Reply #1 on: December 10, 2019, 05:20:47 pm »
 :)

To import the users and groups from Windows Server to Zentyal 6.1 you can use the set of perl scripts import/export groups and users provided for Zentyal 6.1. in /usr/share/zentyal-samba/

Structure of the csv document which needs Zentyal:

For groups:

https://raw.githubusercontent.com/zentyal/zentyal/master/main/samba/src/scripts/groups-import.pl

Code: [Select]
my($groupname, $parentDN, $description, $mail, $isSecurityGroup, $isSystemGroup, $gidNumber)
For users:

https://raw.githubusercontent.com/zentyal/zentyal/master/main/samba/src/scripts/users-import.pl

Code: [Select]
$samAccountName, $parentDN, $givenName, $initials, $sn, $displayName, $description, $mail, $password, $isSystemUser, $uid, $groups
In Windows Server select the Users in the LDAP tree and use "View>Add/Remove Columns" to select the fields which you want export and export the list. You can use opencalc or excel to build the csv file needed for Zentyal 6.1.

Remember that you have to add the new passwords in the csv.

Cheers!


"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.

killmasta93

  • Zen Apprentice
  • *
  • Posts: 25
  • Karma: +4/-0
    • View Profile
Re: quick question on migrating server 2012r2
« Reply #2 on: January 03, 2020, 02:51:20 pm »
Thank you for the reply, and sorry for the late reply, did not get an email alert, as for the migration, this would migrate users but would i need to re connect them to the domain?

Thank you

doncamilo

  • Zen Samurai
  • ****
  • Posts: 331
  • Karma: +68/-1
    • View Profile
Re: quick question on migrating server 2012r2
« Reply #3 on: January 03, 2020, 04:18:11 pm »
 :)

Yes. You'll have to join client machines, copy users data,...

An option could be to use Zentyal as additional domain controller. Afterward you can demote Windows Server and remove them. The trust relationships between machines, the users (with their passwords), and, actually, the whole LDAP will be replicated on Zentyal (with the sysvol exception). However all resources hosted by the Windows Server should be translated to Zentyal or a NAS, etc. (roaming profiles, shares, etc) before to remve it.

Read this: https://doc.zentyal.org/en/directory.html#joining-zentyal-server-to-an-existing-domain and this https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround

The problem whit this solution is that the Zentyal webadmin doesn't shows correctly the promotion process of the Zentyal server:

Quote
The web GUI of Zentyal doesn’t shows the results of this change of configuration as you can see in Domain but, do not worry, your doamin controller owns all the FSMO roles as you can check with the “samba-tool fsmo show” command, and it will be running as expected, but ATTENTION, don’t change any value in Domain because you’ll lost every data related to the domain controller.

Tell me here if you need some more help.

Cheers!
"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.

killmasta93

  • Zen Apprentice
  • *
  • Posts: 25
  • Karma: +4/-0
    • View Profile
Re: quick question on migrating server 2012r2
« Reply #4 on: January 05, 2020, 03:08:17 am »
Thank you for the reply,
so if i understood correctly, I would make zentyal join my existing domain on windows server, which will replicate all the users the no issue meaning that the next day the users will not affected by trust domain, the only thing that does not replicate is the GPO but thats no issue as my gpo is real small (network drives) and i can redo it manual.
Then after that i need to transfer the roles to zentyal to make primary
and would execute the script which comes already inside zentyal
Code: [Select]
/usr/share/zentyal-samba$ sudo ./ad-migrate
then transfer the files from windows server to Zentyal
and demote normally the window server

I would guess these are the steps?
And the ad-migrate script works  to transfer the roles from windows server 2012r2?

Thank you again

doncamilo

  • Zen Samurai
  • ****
  • Posts: 331
  • Karma: +68/-1
    • View Profile
Re: quick question on migrating server 2012r2
« Reply #5 on: January 07, 2020, 01:24:43 pm »
 :)

'Grosso modo' yes. Samba4 is fully only compatible with Windows Server 2008 R2, so to avoid problems configure your Windows Server 2012 to be WS 2008 R2 compliant before to proceed to join your Zentyal server ( however you can join Zentyal to the WS 2012 avoiding this first step).

The script 'ad-migrate' do his work rigthly in my experience. After this step Zentyal will be the owner of the traditional five FSMO roles (plus two additional roles) https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_(FSMO)_Roles#The_seven_FSMO_roles

The heavy work is to prepare the shares in Zentyal, etc.

As usual, be sure that you have some backup solution which ables you to run up your services in case of fail.

Cheers!
"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.

killmasta93

  • Zen Apprentice
  • *
  • Posts: 25
  • Karma: +4/-0
    • View Profile
Re: quick question on migrating server 2012r2
« Reply #6 on: January 09, 2020, 04:01:04 am »
Thank you again for the reply, im going to test it in a test environment to see how it works, and post back my experience

As what you mention is that i need to join Zentyal to the WS2012 so that means i dont need to downgrade ws2012 then run the script to migrate the FSMO roles and then demote it

Next week ill post back on the steps if all goes well
Thank you 

killmasta93

  • Zen Apprentice
  • *
  • Posts: 25
  • Karma: +4/-0
    • View Profile
Re: quick question on migrating server 2012r2
« Reply #7 on: January 16, 2020, 03:44:12 pm »
EDIT: so these are the steps to migrate, only one issue is that i demoted the windows server but it still appears domain controllers on zentyal so odd

STEPS:

But before take a snapshot of the OS of windows server and were going to downgrade the forest and domain to windows 2008r2 go to powershell on windows

Code: [Select]
`Set-ADForestMode -Identity "YOURDOMAIN.local" -ForestMode Windows2008R2Forest`


`Set-ADDomainMode -Identity "YOURDOMAIN.local" -DomainMode Windows2008R2Domain`


now ssh the zentyal server

Code: [Select]
`cd /usr/share/zentyal-samba`
Code: [Select]
`chmod +x ad-migrate`
Code: [Select]
`./ad-migrate`
then say Y


then demote the windows server

Thanatos

  • Zentyal Staff
  • Zen Apprentice
  • *****
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: quick question on migrating server 2012r2
« Reply #8 on: January 16, 2020, 05:35:23 pm »
Hi!

It could be great if you have the time to redact a "howto" with your experience.

It's really sad that the "Contributions / Tips & Tricks / Features Requests" board is almost unutilized.

Cheers!
« Last Edit: January 16, 2020, 05:37:06 pm by Thanatos »
“THERE'S NO JUSTICE, said Mort. JUST US.”

killmasta93

  • Zen Apprentice
  • *
  • Posts: 25
  • Karma: +4/-0
    • View Profile
Re: quick question on migrating server 2012r2
« Reply #9 on: January 27, 2020, 03:25:36 am »
Hi there sure thing im going to post back next week and put the steps how to on github so i can help the community the only issue im having is to remove the other Windows server im guessing i need to put on a windows RSAT and remove it manually.

Thanatos

  • Zentyal Staff
  • Zen Apprentice
  • *****
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: quick question on migrating server 2012r2
« Reply #10 on: January 27, 2020, 10:27:36 am »
Hi there sure thing im going to post back next week and put the steps how to on github so i can help the community the only issue im having is to remove the other Windows server im guessing i need to put on a windows RSAT and remove it manually.

I'll configure it as "sticky" on the board for the sake of the whole community.

Thank you.
“THERE'S NO JUSTICE, said Mort. JUST US.”