How to handle ACLs of local users when migrating a Windows server to Linux/Samba


We have an aging Windows server, a member of our company's AD, that serves shares to a bunch of clients, with ACLs defined in part relative to users and groups that are local to that server and in part relative to AD users. To replace this Windows server, we'd like to use a Linux/Samba machine made a member server of the AD. Ideally we would just replace the Windows server with the new Linux server in the DNS, such that the swap is transparent to the clients accessing the shares.

Copying the shares with their full Windows ACLs to the new machine is easy, but I wonder how to "transfer" the local users and groups to the new machine. I guess we'd have to create Unix and Samba users and groups matching the existing local ones on the Windows server and to update/duplicate the existing ACLs for these new users and groups, so that access control to the shares keeps working when the old server becomes unreachable. Does this seem a sound approach? Does anyone have a better idea?

If so, there are a few groups and a dozen local users, so they can even be recreated manually, but there are tens of thousands of folders and millions of served files, such that the updating of the ACLs must be automated. Are there tools or existing scripts out there that could help us with this?
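An added example, not part of the original post: one way to automate the "update/duplicate the ACLs" step described above, assuming each file's security descriptor has been exported as an SDDL string. The function name `remap_sddl` and every SID below are constructed for illustration; reading the descriptors from the old share and writing them back on the new one is outside the example.

```python
import re

ACE_RE = re.compile(r"\(([^()]*)\)")                 # one "(...)" ACE
OWNER_RE = re.compile(r"([OG]:)(S-1-\d+(?:-\d+)+)")  # owner/group header SIDs

# Constructed sample values, not taken from any real server.
OLD_MACHINE_SID = "S-1-5-21-1111-2222-3333"
SID_MAP = {  # old local account SID -> SID of its recreated counterpart
    OLD_MACHINE_SID + "-1001": "S-1-5-21-4444-5555-6666-3001",
    OLD_MACHINE_SID + "-1002": "S-1-5-21-4444-5555-6666-3002",
}
SAMPLE_SDDL = (
    "O:" + OLD_MACHINE_SID + "-1001G:DUD:PAI"
    "(D;;FA;;;" + OLD_MACHINE_SID + "-1009)"              # local, not in the map
    "(A;OICI;FA;;;BA)"                                    # well-known alias
    "(A;OICI;0x1301bf;;;" + OLD_MACHINE_SID + "-1002)"    # local, mapped
    "(A;OICI;0x1200a9;;;S-1-5-21-7777-8888-9999-1105)"    # AD account, untouched
)

def remap_sddl(sddl, sid_map, old_machine_sid, duplicate=False):
    """Rewrite old local SIDs; return (new_sddl, unmapped_local_sids)."""
    unmapped = set()

    def lookup(sid):
        if sid in sid_map:
            return sid_map[sid]
        if sid.startswith(old_machine_sid + "-"):
            unmapped.add(sid)        # old local SID nobody recreated: review it
        return None

    def fix_ace(m):
        fields = m.group(1).split(";")
        # Plain ACEs have six fields; conditional ACEs (seven) are left alone.
        new = lookup(fields[5]) if len(fields) == 6 else None
        if new is None:
            return m.group(0)
        mapped = "(" + ";".join(fields[:5] + [new]) + ")"
        # The copy sits right after the original, so deny/allow order is kept.
        return m.group(0) + mapped if duplicate else mapped

    def fix_owner(m):                # owner and group can only be replaced
        return m.group(1) + (lookup(m.group(2)) or m.group(2))

    out = ACE_RE.sub(fix_ace, OWNER_RE.sub(fix_owner, sddl))
    return out, sorted(unmapped)

if __name__ == "__main__":
    print(remap_sddl(SAMPLE_SDDL, SID_MAP, OLD_MACHINE_SID, duplicate=True))
```

The second return value lists old local SIDs that appear in a descriptor but have no counterpart in the map, which is the set to review before the old server is switched off.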
