Finally, a great milestone has been reached in the world of Open Source IT business infrastructure: Samba 4 has achieved stable state and provides us with a free (as in beer, and liberal) Active Directory implementation, which, properly packaged and deployed to a suitable environment, seems to work out of the box.
Of course it took a while to figure out how to run such a bleeding-edge development on stable Debian. SerNet has done great work in this area. Basically, I use their Debian packages, but rather than installing the ISO file of the appliance, I only use their packages, together with recompiled bind9 from sid (or wheezy? I’m sorry, I forgot. Needed the P3 packaging, and dlzones worked fine). The main reason is that I want to run this inside a Xen-based (shell only) environment and be ready for normal Debian network-based provisioning.
Integration into given LAN environments is another issue. You have to make your central DNS refer to the DC’s DNS, and there are multiple ways to do that. One of my objectives is to figure out what can be considered best practice here. Getting ready for real life also means figuring out replication, backup strategies, consistent cross-server ID mapping, authentication on the shell level, consistent file access (permissions/ACLs, see also here) across SMB and SSH access and, last but not least, deployment and migration strategies, including architectural changes to be made to the given environment.
Test installations of Windows are easy to get using VirtualBox. I recommend setting up a basic Windows installation with the Default User modified to your preferences (desktop setup and such trivial things), the needed tools readily installed (like an alternative browser, AD admin tools, Sysinternals), and the VM “sysprepped” and then exported. Don’t add too much, as you can do this by rolling out software using GPOs and a repackager (like Scalable Smart Packager Community Edition, be ready to register).
So, there are some things left to do, but for now, I’m really amazed and I’m taking my hat off to the Samba guys, including SerNet.