AD as a backup DC to a Samba4 PDC?

Charles Tryon charles.tryon at gmail.com
Tue Nov 1 11:54:33 MDT 2011


On Tue, Nov 1, 2011 at 12:20 PM, Pavel Herrmann <morpheus.ibis at gmail.com> wrote:

> On Tuesday 01 of November 2011 12:08:20 Charles Tryon wrote:
> > I've been doing some digging for this but haven't found an answer yet. Is
> > it possible to set up an actual Microsoft AD controller as a BDC to a
> > Samba4 PDC?
> >
> > The reason for asking is that I am working on setting up Samba4 as our PDC,
> > but I would like to show that it would be possible, if absolutely
> > necessary, to move the domain to an actual Windows platform.  It's one of
> > those "warm fuzzies" that Microsoft centric bosses like to have when you're
> > proposing a non-Microsoft solution on their network. :-P
>
> Hi
>
> in AD there is no such thing as a PDC/BDC
>
> all DCs are equal, and clients choose the one that is closest (AFAIK randomly
> from DCs in the given site)
>
> only remnants of PDC/BDC are so called FSMO roles (for tasks that need to be
> done centrally, else it could cause inconsistencies in the database - changing
> passwords for instance), which are held by a single DC at any time, but can be
> moved freely
>
> the problem that currently makes using combined samba/windows AD difficult is
> lack of FRS/DFS-R protocols, which are used to replicate sysvol directories
> (where GPOs are stored)
>
> as for the actual procedure, you would simply transfer all FSMO roles onto
> windows DC (can be done after removing the samba DC, but it is better to do
> this before), copy your sysvol (and fix file permissions there, otherwise GPO
> editor will bug you to infinity) and then you are free to remove samba DC. in
> theory
>
> please try this before attempting to migrate a production environment, and
> report any problems
>
> Pavel
>

OK, so short answer is: No, but yes -- I can't do what I was asking, but
with some work, I should be able to accomplish what I am looking for...

I'll see if I can set up an environment to test this.

Thanks!


-- 
    Charles Tryon
_________________________________________________________________________
      "It's the job that's never started that takes longest to finish."
                                 -- Samwise Gamgee

