[PATCH] Add a new tool, 'samba-tool domain clone'

Stefan Metzmacher metze at samba.org
Tue Aug 18 07:36:01 UTC 2015

Hi Andrew,

>> Am 17.08.2015 um 05:56 schrieb Andrew Bartlett:
>>> This patch adds and tests 'samba-tool domain clone' a way to clone 
>>> an
>>> AD domain without adding Samba as a DC.  This allows us to confirm 
>>> we
>>> can migrate to Samba without harming the source domain.
>> As that seems to be more like a developer tool,
>> which can be very dangerous for a random admin to try,
>> I don't want this to be part of "samba-tool domain".
> Why is it dangerous?

Because if you accidently start it bad things happen,
machine accounts may change their password here or there.

>> I'd prefer a standalone script under source4/scripting/devel/.
>> Also from reading the patch it's not completely clear what
>> part of the migration should be tested? Just the replication?

If you just want to test the replication you can use net rpc vampire keytab,
but I guess it's not just replication you want to test...

>> What is the desired result of this having an exact copy of the
>> other DC? Including the same name, ntds guid and it's original 
>> invocationID?

But the ipaddress will be different?

What is the desired action an admin would like to do with the result of
this operation?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150818/9b1951d0/signature.sig>

More information about the samba-technical mailing list