Domain rename tool plans (was: Re: [PATCH] [WIP] AD DC backup and restore tool)

[Andrew Bartlett]

On Thu, 2018-05-31 at 12:12 +0200, L.P.H. van Belle via samba-technical 
wrote:
> Also, if a domain is in pre-production, then is better the stop samba, cleanup and reprovision. 

To be clear, the idea here is to create a pre-production domain
containing the full data set of production (perhaps not including
passwords).  This is the client requirement driving this, they want to
have a greater degree of confidence in their testing in the lab (pre-
production) by using substantially similar data as in production. 

We have worked previously to try and re-create the a look-a-like domain
using scripts, but it never seems to be quite realistic enough. 

> But again, my opinion and concerns.
> Please think about this very carefully, how to inform users, that this should not be done on a setup in production. 

We will include suitable warnings.  Thanks for raising the possible
issues.

The long term aim is to make this work as well as Microsoft's domain
rename tool, or perhaps better if there are good suggestions, except
that we will require that the domain controllers to be re-joined. 

I do understand that is will not be your tool of choice, but we do hope
it will be useful for some.  I have had multiple customers try (and
fail) to create such Samba Lab domain (isolated with firewalls and
password changes) but it never quite worked out.  

To ensure folks get better success this time, once in master we will
write a good wiki page explaining how to use it.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba