Raising Domain/Forest from 2008 to 2016: What do I need to know?

scottalanmiller

Just important when asking what needs to be known going to 2016 that an existing option, a really major one that can save a lot of money and add a lot of flexibility, will go away by making this specific move.

Obsolesce

@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

Just important when asking what needs to be known going to 2016 that an existing option, a really major one that can save a lot of money and add a lot of flexibility, will go away by making this specific move.

Yes, that is a very important consideration to be aware of.

If I were to make a move like that as far as replacing Windows AD with SAMBA, I would prefer to do it in parallel with Windows AD.

What's the benefit of having Windows Server 2012 R2 servers running AD along with Linux Samba servers?

Does that allow for seamless migration with no down time for example?

If not, I'd rather do them in parallel. For example, if running a Windows 2016 AD environment, spin up a Samba server and slowly build it up in parallel to the WinAD.

Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.

scottalanmiller

@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.

Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.

scottalanmiller

@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

What's the benefit of having Windows Server 2012 R2 servers running AD along with Linux Samba servers?

None, I believe.

Dashrender

@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.

Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.

Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.

scottalanmiller

@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.

Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.

Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.

Last I knew, it wasn't even supposed to run on an AD server

Dashrender

@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.

Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.

Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.

Last I knew, it wasn't even supposed to run on an AD server

aww - I've never used it.. in that case - run it from any other Windows server, and bob's your uncle. If Samba is doing their job right, the sync client won't know the difference.

The next question is - does MS have any licensing around the use of the sync client as a gotcha?

dbeato

@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.

Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.

Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.

You can run it on any Windows server, but the problem with Samba is the password hash doesn't get sync to Azure.
https://lists.samba.org/archive/samba/2016-November/204564.html

dbeato

@dbeato said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.

Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.

Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.

You can run it on any Windows server, but the problem with Samba is the password hash doesn't get sync to Azure.
https://lists.samba.org/archive/samba/2016-November/204564.html

BY this I mean, everything works but password synchronization doesn't work same as Server 2008 running the Azure AD sync tool as well.

dbeato

@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.

Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.

Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.

Last I knew, it wasn't even supposed to run on an AD server

Yes, it is not supposed to run in an AD server because the app needs SQL Express to work.

Dashrender

@dbeato said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:

Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.

Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.

Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.

You can run it on any Windows server, but the problem with Samba is the password hash doesn't get sync to Azure.
https://lists.samba.org/archive/samba/2016-November/204564.html

That thread is kinda old - I wonder if 4.5 fixed that?