AD as a backup DC to a Samba4 PDC?
Pavel Herrmann
morpheus.ibis at gmail.com
Tue Nov 1 10:20:43 MDT 2011
On Tuesday 01 of November 2011 12:08:20 Charles Tryon wrote:
> I've been doing some digging for this but haven't found an answer yet. Is
> it possible to set up an actual Microsoft AD controller as a BDC to a
> Samba4 PDC?
>
> The reason for asking is that I am working on setting up Samba4 as our PDC,
> but I would like to show that it would be possible, if absolutely
> necessary, to move the domain to an actual Windows platform. It's one of
> those "warm fuzzies" that Microsoft centric bosses like to have when you're
> proposing a non-Microsoft solution on their network. :-P
Hi,

In AD there is no such thing as a PDC/BDC. All DCs are equal, and clients
choose the one that is closest (AFAIK randomly from the DCs in the given site).

The only remnants of PDC/BDC are the so-called FSMO roles (for tasks that need
to be done centrally, else it could cause inconsistencies in the database -
changing passwords for instance), which are held by a single DC at any time,
but can be moved freely.

The problem that currently makes using a combined Samba/Windows AD difficult is
the lack of the FRS/DFS-R protocols, which are used to replicate sysvol
directories (where GPOs are stored).

As for the actual procedure, you would simply transfer all FSMO roles onto the
Windows DC (can be done after removing the Samba DC, but it is better to do
this before), copy your sysvol (and fix file permissions there, otherwise the
GPO editor will bug you to infinity) and then you are free to remove the Samba
DC. In theory.

Please try this before attempting to migrate a production environment, and
report any problems.

Pavel
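
A pre-removal check for the procedure described above, as an added example that is not part of the original message: it reads an LDIF export of the five objects carrying the fSMORoleOwner attribute and lists the roles that still block removal of the retiring DC. It assumes a single-domain forest; the function names, the server names SAMBADC and WINDC, and the example.com domain are hypothetical or constructed.

```python
import base64
import re

# FSMO role -> object whose fSMORoleOwner attribute names the current holder.
ROLE_OBJECTS = {
    "SchemaMaster": "CN=Schema,CN=Configuration,{base}",
    "DomainNamingMaster": "CN=Partitions,CN=Configuration,{base}",
    "PDCEmulator": "{base}",
    "RIDMaster": "CN=RID Manager$,CN=System,{base}",
    "InfrastructureMaster": "CN=Infrastructure,{base}",
}

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: value}}; handles folded lines and base64 values."""
    entries = {}
    unfolded = re.sub(r"\r?\n ", "", text)  # LDIF continuation lines start with one space
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            m = re.match(r"([A-Za-z0-9;-]+)(::?)\s*(.*)", line)
            if m:  # skip comments and malformed lines
                name, sep, value = m.groups()
                attrs[name.lower()] = base64.b64decode(value).decode() if sep == "::" else value
        if "dn" in attrs:
            entries[attrs["dn"].lower()] = attrs
    return entries

def fsmo_holders(ldif_text, base_dn):
    """Map each role to the server name holding it, or None if the entry/attribute is missing."""
    entries = parse_ldif(ldif_text)
    holders = {}
    for role, template in ROLE_OBJECTS.items():
        owner = entries.get(template.format(base=base_dn).lower(), {}).get("fsmoroleowner", "")
        # The value is the DN of the holder's "NTDS Settings" object; the server is the next RDN.
        m = re.match(r"CN=NTDS Settings,CN=([^,]+),", owner, re.I)
        holders[role] = m.group(1) if m else None
    return holders

def roles_blocking_removal(ldif_text, base_dn, retiring_dc):
    """Roles still on retiring_dc, plus roles whose holder is unknown (treated as not safe)."""
    return sorted(role for role, holder in fsmo_holders(ldif_text, base_dn).items()
                  if holder is None or holder.lower() == retiring_dc.lower())

# Constructed sample: two roles still on SAMBADC, three already moved to WINDC.
_SITE = "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com"
_DCS = ["SAMBADC", "SAMBADC", "WINDC", "WINDC", "WINDC"]  # holders, in ROLE_OBJECTS order
SAMPLE = "\n\n".join(
    f"dn: {t.format(base='DC=example,DC=com')}\nfSMORoleOwner: CN=NTDS Settings,CN={dc},{_SITE}"
    for t, dc in zip(ROLE_OBJECTS.values(), _DCS))
```

An empty list from roles_blocking_removal(SAMPLE, "DC=example,DC=com", "SAMBADC") would mean every role has a known holder other than the retiring DC; with the sample above it returns the two forest-wide roles.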