[Samba] Promote samba-3 BDC to PDC

[Gaiseric Vandal]

Client machines shouldn't care if if the DC is a PDC or BDC.   Are the 
sites currently linked via VPN?   Will they no longer be linked via 
VPN?  Will each site have the same domain name ?   If the two sites are 
linked somehow you want to make sure you use a WINS server on each site 
to make sure clients do NOT connect to the "wrong" PDC.

Also, machines that have authenticated to a DC will need to reboot if 
that DC is decommisioned.

Have you tried a test export of the account database from ldap to tdb 
yet?  I found when I went from TDB to LDAP not all records were 
exported.    I had to use "pdbedit -w" to dump data to a text file and 
then run some scripts to recreate/ reimport missing records/fields into 
ldap.     I don't know if you can configure a BDC with an LDAP backend 
so you would be switching the BDC's to TDB and promoting them to PDC's 
in the same step.    You may want to try to break the steps up a little 
by running LDAP servers on the BDC's  so you can promote the BDC's to 
PDC's on week, then convert them to TDB on another week.


I personally like ldap backend a lot better than TDB because I have the 
option to edit/create records with an ldap editor.   THis was useful 
when I wanted to delete the profile field on some accounts-  I don't 
think there was that option with TDB.





On 01/05/2011 07:59 AM, Matthias Grimm wrote:
> Hi,
>
> We have an old domain with a samba-3 PDC and LDAP backend in our HQ 
> and two BDC in our branch offices.
> Since we don't use the domain in our HQ anymore and one of the 
> branches will be moved to our new domain (2003/2008) I'm thinking 
> about decomissioning the PDC and promote both BDCs as PDC for their 
> branch offices and networks.
> I would also get rid of LDAP. Changing the backend to tdbsam and 
> converting the data with pdbedit isn't that problem but how to do it 
> all without impact? :)
>
> Cheers
>
> Matthias
>