[PATCH] [WIP] AD DC backup and restore tool

L.P.H. van Belle belle at bazuin.nl
Thu May 31 10:12:33 UTC 2018


Sorry for the intrusion. A sidenote here. 

How are you going to detect if the domain in question is in pre-production? 

This is only going to work if you have 0 computers in the domain or you should wipe the domain to all default and rename it. 
But that's not what people want, they want to change a running domain with computers and users in it. 

Sorry, but IMO this is the worst function Samba can add here.

This will give lots of problems just because people are going to try this and end up with a domain without any working computer in it.
Or it gets a new function: filling the event logs with messages about the domain change.

I've been working with AD, or the better version of MS-AD => Novell DS, for a long time now. 
Any rename I encountered ended up in lots of problems, maybe not for the DCs themselves, but it does for any joined computer/server.
Also, if a domain is in pre-production, then it is better to stop Samba, clean up and reprovision. 

But again, my opinion and concerns.
Please think about this very carefully, how to inform users, that this should not be done on a setup in production. 

Best regards, 


> -----Original message-----
> From: samba-technical [mailto:samba-technical-bounces at lists.samba.org] On behalf of Andrew Bartlett via samba-technical
> Sent: Thursday 31 May 2018 10:56
> To: Rowland Penny
> CC: samba-technical at lists.samba.org
> Subject: Re: [PATCH] [WIP] AD DC backup and restore tool
> On Wed, 2018-05-16 at 11:25 +0100, Rowland Penny via samba-technical
> wrote:
> > > I'm not sure where I said I can't test it, because we plan to do just
> > > that.  One of the tests we plan fully animate a working DC alongside
> > > ad_dc and the other selftest environments, using a stored backup and
> > > these tools.
> >
> > This must have been my mis-understanding, it sounded like you couldn't
> > write an actual test.
>
> Just as a heads-up, Tim and I got this (the full runtime test) working
> today for the online backup (and with that working the offline
> shouldn't be difficult).
>
> Therefore I plan to submit this for review as soon as we can clean it
> up.  Once in place, we can build up features like NTACL support (Joe is
> working the infrastructure for that).
>
> The restore tool is already written, as is the 'blocker' against an
> untar, so my plan is to bring it in part-by-part as we finish the
> required tests, as it is already safer than the shell-script option.
>
> Finally, as a reminder for why this really matters, we are building the
> domain rename tool on this basis, and this is critical for the creation
> of a realistic pre-prod domain.
>
> Thanks,
>
> Andrew Bartlett
> -- 
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
