The migration from an NT4-style domain to Active Directory is one way!
This means that once your , you should test the upgrade process in a separate network from your production!
You just have to copy the required files to the new server before. If any of your users have a RID less than '1000' and you wish these to exist in the new AD domain, you will need to change their RID, see below for how to do this.
A common problem is duplicate SID's in the backend. But old Samba versions without sanity checks, wrong manual changes or other things, could have lead to duplicate SID's in your environment. See: What are the consequences changing an SID/RID?
This guide is only relevant if you have a Samba NT4-style domain, that you want to upgrade to Samba Active Directory!
Many people find themselves in a situation where they have an existing Samba NT4-style domain, complete with an extensive set of domain users, groups and machines.
The documentation was not very clear about that (at least I didn't find a helpful guide). For example, if you update from 4.4.4 to 4.6.2, read the 4.5.0, 4.6.0, 4.6.1, and 4.6.2 release notes.
Install the latest version over your existing one: If you compile Samba from the sources, use the same configure options as used for your previous version.
Then run All major Linux and Free Unix distributions have Samba as a native package.
I simply don't remember seeing it, but I'm glad it is patched.
This is what I got: samba (2:4.3.11 dfsg-0ubuntu0.16.04.7) xenial-security; urgency=medium * SECURITY UPDATE: remote code execution from a writable share - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a slash inside in source3/rpc_server/srv_pipe.c.
It is possible to do the conversion and the users and machines will simply re-connect to the new Samba AD installation without needing to manually re-join.
Doing a classicupgrade is possible from all passwd backends (smbpasswd, tdbsam and ldapsam).
https://samba.plus/ offers Samba packages for SLES, RHEL, and Debian.