Adding Linux as a second domain controller

Tags: Domain Controller, Linux, Multiple Domain Controllers, Windows, Windows Server 2003, Windows Server 2003 Domain, Windows Server 2003 Domain Controller

This question will undoubtedly anger many if not all, but after 5 years I am at my wit's end. Can I install and set up a new domain using Linux as a domain controller behind a router in such a way that it won't interfere with or be seen by the current win 2k3 domain controller?

Answer Wiki


As far as I know there is no way to use a Linux server as a Windows Domain Controller. Active Directory is a Microsoft-specific product and requires Windows Servers to function as the domain controllers. You can use Linux servers as the DNS servers, DHCP servers, web servers, etc., but not the domain controllers.

Discuss This Question: 12  Replies

 
  • Matt Mather
    You can configure Samba in *nix to be either a primary or backup domain controller. If you choose backup though, as far as I am aware, it can only be a backup to a Samba primary. That being the case you could potentially look to replace your DCs with a *nix solution but I am not certain how, if at all, they can be integrated. I would advise a LOT more reading on the subject.
  • Sheetsofsound
    Yes, I want to make the *nix box into a primary dc. Here is my problem and the reason I thought some might get angry. I am not the IT person in my organization. I work in an educational environment and the IT staff are responsible for @10,000 machines spread over a large geographic area with upwards of 200 buildings. They are understaffed, underpaid and dealing with many issues. Before the current IT head was hired 5 years ago, I was running my own network of 12 machines using Win Server 2003. IT left me alone; they knew what I was doing and I ran things and didn't ask them for support. They were happy 'cuz they had WAY too much to do and I wasn't a drain on their resources. Then they upgraded to Server 2003 and pulled out my network with promises of support and trouble free computing. Five years later, I have no network and the faculty computers have Deep Freeze. If I want to add so much as a bookmark I have to call IT and make an appointment for them to come and put it in. They insist we use Firefox 3.0.6.... I could go on. Bottom line: They are making it harder for me to do my job. I have been patient. I have tried to be helpful. But I have finally given up. I want to rebuild my network without them knowing about it. What I need to know is if it is possible to set up a *nix server as a primary dc without them knowing about it? I'm not trying to mess them up; I just need to be able to do my job without them being in my way. I have done a fair bit of reading, but there really doesn't seem to be a precedent for this anywhere, which makes absolute sense. My current situation doesn't make sense, however, and needs to be resolved.
  • carlosdl
    So, you want to create a new domain for your faculty computers. Are those computers members of the Windows domain? Do you want them to continue being part of that domain and additionally join your new domain? What's the purpose of the new domain? What kind of features are you looking for? A Samba domain could certainly be an option, but there are some features that you would have with a Windows domain that a Samba domain might not offer.
  • Sheetsofsound
    I don't want the new domain to have anything at all to do with the old domain. I am trying to set up three user groups with different security levels and drive access; basically faculty, T.A.'s and students. Four of the computers are dedicated for faculty and T.A.'s, the other 8 get used by all and sundry. All of the computers are running XP. I don't have access to a legal copy of Server 2003 anymore (IT took my legal copy when they dismantled my old network) so I did some reading and thought I might be able to meet my needs with a Samba domain.
  • Stevesz
    Sheetsofsound, From your long explanation, it looks like the school's IT people have taken over the duties that they had previously left to you. They may no longer be as overworked and understaffed as they used to be. They are now in control, and from your description, though I am thinking it may be a little overblown, finding that someone is trying to short-circuit that control may well go badly for that individual. The basic task you wish to do is to simply put the three groups you list into different security groups with access depending on the group. This is a relatively trivial thing to do through Windows Active Directory. All you need to do is to open a ticket with your IT people, break down the groups, break down the rights that you wish to grant them, and list who will have access to what shares on the server. Let IT do their thing, and you need not worry.
  • Sheetsofsound
    Stevesz, I appreciate what you are saying. I have not undertaken this lightly. I have already done what you suggested. Numerous times. I have even been to meetings for discussion of IT policy, I have met personally with the head of IT to try and resolve the issues. I have not been unprofessional or rude in trying to solve this. I have been patient for five years. FIVE years. The situation is so bad that most staff across the system don't use the computers at work; instead they bring their laptops and unplug the supplied machines. They can then access the internet but not the servers. The situation is ridiculous and I just want to get on with my work.
  • Subhendu Sen
    It depends on a fair few factors: 1. Do your users map their drives by IP? They would need to for this to work. 2. Do you use the DNS/WINS services in Windows? Without a Windows server you might have trouble finding machines on the network unless you have DNS zones replicated between your servers. 3. Do you have any groups in your directory? 4. Do you have Samba running? 5. Do you have a way to replicate the files and all permissions between the servers? 6. Do you have a way to replicate the user details between 2 disparate (one proprietary) LDAP directories? Remembering here that once you lose your domain controller your client machines won't be in a domain anymore. Everyone will need their profiles recreated in this instance. I'm really just throwing this out here to show you it's not simple. Even if you cross your T's and dot your I's there is a high chance that something unforeseen would happen. You'd be highly recommended to run a full disaster recovery test to ensure that everything works correctly. Is there any reason you can't go for 2xW2K3 machines or 2xLinux machines?
  • Sheetsofsound
    Rechil et al, I guess I was just trying to find a way to hide my network from IT without paying for internet access. They told me the reason I tripped up their network when they upgraded to W2K3 five years ago was because I was using their server for DNS. I have tried setting up a router using OpenDNS and had hoped I could hide my network behind the router, but I don't know enough about Active Directory to know if a Samba server would be detected and/or conflict with their network. I have homework to do. Unless anyone has a simple solution, I don't want to waste any more of everyone's time on this bizarre situation of mine and my now glaringly apparent lack of knowledge. I may try to solve my problems by paying for a line drop and just removing myself from IT's system altogether. That way I don't have to worry about getting into a conflict with their network and I can set up and do my own thing, this time using Samba. We're just strapped for funds is all. Anyone suggest some good resources I can study about Active Directory?
  • Subhendu Sen
    For Active Directory, please follow the below link: http://technet.microsoft.com/en-us/library/cc758436(WS.10).aspx
  • petkoa
    I'm not sure isolating your departmental network will do any good for accessing the university servers - and from your postings I assume it is a necessity.
  • Sheetsofsound
    I don't need to access the servers; I have enough TBs of storage for data and backups.