We have an aging Windows server, a member of our company's AD, that serves shares to a bunch of clients, with ACLs defined in part relative to users and groups that are local to that server and in part relative to AD users. To replace this Windows server, we'd like to use a Linux/Samba machine made a member server of the AD. Ideally we would just replace the Windows server with the new Linux server in the DNS, such that the swap is transparent to the clients accessing the shares.
Copying the shares with their full Windows ACLs to the new machine is easy, but I wonder how to "transfer" the local users and groups to the new machine. I guess we'd have to create Unix and Samba users and groups matching the existing local ones on the Windows server and to update/duplicate the existing ACLs for these new users and groups, so that access control to the shares keeps working when the old server becomes unreachable. Does this seem a sound approach? Does anyone have a better idea?
If so, there are a few groups and a dozen local users, so they can even be recreated manually, but there are tens of thousands of folders and millions of served files, such that the updating of the ACLs must be automated. Are there tools or existing scripts out there that could help us with this?
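
The ACL update described in the question comes down to rewriting SIDs: every owner, group or ACE trustee that carries the old server's machine SID has to be swapped for the SID of the recreated account, while AD and well-known SIDs stay as they are. The sketch below is an added example, not part of the original post. It assumes the ACLs are handled as SDDL text (for instance as printed by `samba-tool ntacl get --as-sddl`), and every SID, RID and name in it is constructed for illustration.

```python
import re

# Constructed values: machine SID of the old server, and a map from the RIDs
# of its local accounts to the SIDs of the accounts recreated on the new one.
OLD_MACHINE_SID = "S-1-5-21-1111111111-2222222222-3333333333"
RID_MAP = {
    "1001": "S-1-5-21-4444444444-5555555555-6666666666-3000",  # local user
    "1002": "S-1-5-21-4444444444-5555555555-6666666666-3002",  # local group
}

# Constructed SDDL: local owner, AD group, BUILTIN\Administrators alias,
# one mapped local group, one AD user, one local account missing from the map.
SAMPLE = (
    "O:S-1-5-21-1111111111-2222222222-3333333333-1001"
    "G:S-1-5-21-9999999999-8888888888-7777777777-513"
    "D:PAI(A;OICI;FA;;;BA)"
    "(A;OICI;0x1301bf;;;S-1-5-21-1111111111-2222222222-3333333333-1002)"
    "(A;OICI;0x1200a9;;;S-1-5-21-9999999999-8888888888-7777777777-1105)"
    "(A;;FA;;;S-1-5-21-1111111111-2222222222-3333333333-1050)"
)

# Matches machine/domain account SIDs: S-1-5-21-<three sub-authorities>-<RID>.
ACCOUNT_SID_RE = re.compile(r"(S-1-5-21-\d+-\d+-\d+)-(\d+)")


def remap_sddl(sddl, old_machine_sid=OLD_MACHINE_SID, rid_map=RID_MAP):
    """Return (rewritten SDDL, sorted list of old local SIDs with no mapping)."""
    unmapped = set()

    def swap(match):
        prefix, rid = match.groups()
        if prefix != old_machine_sid:
            return match.group(0)        # AD account: leave untouched
        if rid not in rid_map:
            unmapped.add(match.group(0)) # report it, do not guess a target
            return match.group(0)
        return rid_map[rid]

    return ACCOUNT_SID_RE.sub(swap, sddl), sorted(unmapped)


if __name__ == "__main__":
    new_sddl, missing = remap_sddl(SAMPLE)
    print(new_sddl)
    print("unmapped local SIDs:", missing)
```

Any SID reported as unmapped identifies an old local account that still appears in an ACL but has no counterpart on the new server, which is worth resolving before the old machine goes away.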