promoting Samba to become PDC in windows environment

Andrew Bartlett abartlet at samba.org
Sun Apr 7 02:48:19 MDT 2013 

On Sat, 2013-04-06 at 19:35 -0700, Matthieu Patou wrote:
> On 04/06/2013 02:16 AM, Haroon Feroze wrote:
> > Hi All,
> > One of our client is planning to migrate his all windows systems to Linux, we are planning to implement Samba as AD replacement. We have planned that first Samba will join existing Windows domain as a member server, and then later on we will remove AD and Samba will become the PDC.
> > I have tested Samba as a member server, however i am not sure how to promote it to become PDC and how it will handle primary logon query.
> > I'll appreciate if someone could point me to the right direction.
> > I am quite new to AD and Samba, thanks in advance for helping me out.
> > Regards,Haroon Feroze 		 	   		
> You can't do this currently we don't support promoting from domain 
> member to DC.

Actually, depending in how you define 'promoting', we do fully support
this, and it is tested as part of 'make test'.  The limitation is only
that we won't keep any idmap configuration from the member server, nor
any local users or groups.  We will behave just as if we started from
scratch.  

(You may need to Remove/backup the smb.conf to allow it to be
re-created). 

So, it really doesn't matter to Samba if it is currently a member server
or not, but while the 'samba-tool domain join dc' command will remove
the member server account, and create it again from scratch, the
'samba-tool domain dcpromo' command will just modify the existing
account.  The different doesn't matter in almost all situations, but
Univention had a use case, so I added it. 

In short, unless you already have files stored on the file server, just
work as if you hadn't already joined it once. 

If you do have files stored, you may wish to go over and reset the
ownership and ACLs once you add the shares and have it all going again.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list