Migrate from MS Active Directory to Samba4

Tags: active-directory, migration, samba4, windows-server-2012

The target is to replicate a MS AD DC (Windows server 2012) to a new Samba4 AD DC, then migrate users to the new Samba domain. This is our first time, and the various documents on the Internet are not very encouraging.

There is only one forest and a unique AD DC.

The concern is to ensure all necessary objects from the original AD DC will be copied to the new Samba directory.

The Samba wiki page, Join a domain as a DC, clearly indicates that the "join" will work only for Windows Server 2008 R2 at most (we have a 2012 version). It is then probably better to start from scratch on Samba, importing the various MS AD objects from a script / samba-tool.

What are your recommendations, warnings, to achieve a MS 2012 AD DC to a Samba 4 AD DC migration, and in particular how to ensure the maximum of the information from the Windows machine can be transferred to Samba4, in other words, generate the least inconvenience to the users. (DNS, Users, Groups, Computers, …)

Best Answer

My advice would be to follow this general procedure:

0) backup everything

1) think about what you are planning to do with DNS and DHCP (if they are on the same windows server)

2) downgrade the scheme from 2012 to 2008R2

3) add Samba4 server as a secondary domain controller (using internal DNS probably)

4) wait till the scheme (and DNS) replicates to Samba4 server

5) transfer all FSMO roles to Samba4 server (this is risky, as from my experience, windows server may not like it)

6) update DNS names if needed

7) don't forget to update/install DHCP server

After that you should be able to power off your windows server and your users shouldn't notice anything.

Note that this whole operation isn't really the "best practice" scenario and there are a lot of things to go wrong, so do it at night and think ahead about a disaster recovery plan for when everything suddenly stops working without any reasonable log output. I did this once with Windows 2008 and it worked, but I remember it being a very unpleasant experience. So best of luck :)
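A check for the end of the procedure above (between step 5 and powering off the Windows DC), added here as example code that is not part of the original answer: it parses the text printed by `samba-tool fsmo show` and `samba-tool drs showrepl` and refuses the cutover until every FSMO role is owned by the Samba DC and no replication partner reports consecutive failures. The DC names SAMBADC and WINDC, the domain example.com and the embedded sample output are constructed; the sample mirrors the layout of those two commands as I know it, which is an assumption to confirm against your own Samba version.

```python
"""Pre-cutover check: all FSMO roles on the Samba DC, replication clean.
Feed it subprocess.run(["samba-tool", "fsmo", "show"], capture_output=True,
text=True).stdout and the same for ["samba-tool", "drs", "showrepl"]."""
import re

FSMO_ROLES = (
    "SchemaMasterRole", "InfrastructureMasterRole", "RidAllocationMasterRole",
    "PdcEmulationMasterRole", "DomainNamingMasterRole",
    "DomainDnsZonesMasterRole", "ForestDnsZonesMasterRole",
)

def fsmo_owners(fsmo_show_output):
    """Map each role to the DC named in the owning NTDS Settings DN."""
    owners = {}
    for line in fsmo_show_output.splitlines():
        m = re.match(r"(\w+Role) owner: CN=NTDS Settings,CN=([^,]+),", line)
        if m:
            owners[m.group(1)] = m.group(2).upper()
    return owners

def roles_not_on(dc, fsmo_show_output):
    """Roles still held elsewhere or missing from the output (must be empty)."""
    owners = fsmo_owners(fsmo_show_output)
    return [r for r in FSMO_ROLES if owners.get(r) != dc.upper()]

def failing_neighbors(showrepl_output):
    """(partition, partner) pairs whose link shows consecutive failures."""
    bad, partition, partner = [], None, None
    for line in showrepl_output.splitlines():
        text = line.strip()
        if not line.startswith("\t") and re.match(r"(CN|DC)=", text):
            partition = text                  # naming context, e.g. DC=example,DC=com
        elif line.startswith("\t") and not line.startswith("\t\t") and " via " in text:
            partner = text.split(" via ")[0]  # "Site\DC via RPC"
        else:
            m = re.match(r"(\d+) consecutive failure", text)
            if m and int(m.group(1)) > 0:
                bad.append((partition, partner))
    return bad

def ready_for_cutover(dc, fsmo_show_output, showrepl_output):
    return not roles_not_on(dc, fsmo_show_output) and not failing_neighbors(showrepl_output)

# Constructed sample: PDC emulator still on WINDC and one failing inbound link.
def _ntds(dc):  # hypothetical site/domain names
    return ("CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,"
            "CN=Sites,CN=Configuration,DC=example,DC=com" % dc)
SAMPLE_FSMO = "\n".join("%s owner: %s" % (r, _ntds("WINDC" if r == "PdcEmulationMasterRole"
                                                   else "SAMBADC")) for r in FSMO_ROLES)
SAMPLE_SHOWREPL = ("Default-First-Site-Name\\SAMBADC\nDSA Options: 0x00000001\n\n"
    "==== INBOUND NEIGHBORS ====\n\nDC=example,DC=com\n"
    "\tDefault-First-Site-Name\\WINDC via RPC\n\t\t3 consecutive failure(s).\n"
    "CN=Configuration,DC=example,DC=com\n"
    "\tDefault-First-Site-Name\\WINDC via RPC\n\t\t0 consecutive failure(s).\n")
```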
