Not sure about your setup, but it has been my experience that monkeying around in uncharted territory for mission critical systems is not the best policy. Again, without knowing your setup it's hard for me to say. Is the ill 2K sbs the only M$ server available, or are there others in the fleet? If there are others, I would say DCpromo one of the others, and move the services over. Once you are stable again, then it's safer & less pressure trying to get an open source samba pdc/openldap going.

Another option is to back up your AD, and whatever else is important, nuke the 2K OS, reinstall 2Ksbs (or 2k+3 if available), and restore your services. This again is safe.

One last thing, if you are running Exchange over there, then forget about it. This is a tough task, and not really recommended. If no Exchange, then no problem.

You are probably thinking thanks for nothing, as I already know this. Well, I just wanted to mention it is all. Since you already have the M$ licenses, then what the heck, just redo it.

For the open source setup, not sure how much you are using your AD. If you mainly just need it for logins, then all you need is samba set up to be a PDC. There are many how to's on how to do this laying around the net. If you need more of the other functionality from the AD, then you must also implement something like openldap to carry that load.

I still run a 2k+3 sbs AD at HQ (not happy about that), but I was able to set up a couple Slackware boxes for two remote offices to act as secondary PDC's and set up openldap on each Slack box as well. This was not as easy as I thought, and I think other distros have some easier tools/software to help with this.

Good Luck!

Bob De Mars
IT Manager
T: 651 925 1510
bob at grunners.com
Cell: 612 850 6940
www.grunners.com

-----Original Message-----
From: tclug-list-bounces at mn-linux.org [mailto:tclug-list-bounces at mn-linux.org] On Behalf Of Joshua Radke
Sent: Thursday, April 09, 2009 6:25 PM
To: Twin Cities Linux Users
Subject: [tclug-list] AD -> Samba Migration

Our Windows 2000 SBS AD server has been terminally infected with a variant of the Virut virus. It will die soon, as will single sign-on, DNS, DHCP, and WINS.

DNS will be easy to migrate. There are numerous writeups on DHCP/WINS (I seem to recall), but I'm going into uncharted territory with the user migration. I'm not even certain exactly what type of implementation I really need.

Here are some possibilities:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html (Just samba)
http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10 (with OpenLDAP)

It also seems possible to do Samba/Kerberos (I lost the reference for now ... I know, lmgtfy)

I'm not certain where to go, and our company is looking to hire someone who has either experience in this, or has some Windows Domain Authentication/active directory/LDAP background, which is the greatest gaping hole in our understanding. The timescale is as soon as possible (I'm not sure how long it will be until one of the borked services writes to null again).

Please drop me a line.

Best,
Josh

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
http://mailman.mn-linux.org/mailman/listinfo/tclug-list