[Samba] How to migrate Active Directory from one Samba4 server to another

X-Dimension at gmx.net X-Dimension at gmx.net
Thu Aug 16 05:29:42 MDT 2012


> -------- Original Message --------
> > Date: Mon, 13 Aug 2012 17:47:35 +1000
> > From: Andrew Bartlett <abartlet at samba.org>
> > To: X-Dimension at gmx.net
> > CC: samba at lists.samba.org
> > Subject: Re: [Samba] How to migrate Active Directory from one Samba4 server to another
> 
> > On Sat, 2012-08-11 at 22:03 +0200, X-Dimension at gmx.net wrote:
> > > Hello!
> > > 
> > > We are using a Samba4.0.0alpha19 (Resara 1.1.2) based domain controller
> > > in a small production environment and because the Resara development has
> > > ended we want to switch to a plain Samba4 beta based Ubuntu 12.04/Zentyal
> > > Server.
> > > I have installed and configured the new server with the same domain-name
> > > and the same hostname as the old server.
> > > How can I export the Active Directory from the old server and import it
> > > to the new Samba4 server?
> > 
> > Something like this (untested):
> > 
> > Use a different hostname, then run 'samba-tool domain join' to join it
> > to the first domain.  Then you can use the
> > source4/scripting/bin/renamedc script to rename it back to the name of
> > the first DC, after running 'samba-tool domain demote' on it. 
> > 
> > You may need to seize FSMO roles from one DC to the other with
> > 'samba-tool domain fsmo'.
> > 
> > > Do I need to rejoin the clients to the domain after this?
> > 
> > No.
> > 
> > Additional complications may include DNS configuration.  You may need to
> > use --dns-backend=none on the join command. 
> > 
> > This is just a series of hints to get you started.  Hopefully you can
> > work it out from here. 
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett                                http://samba.org/~abartlet/
> > Authentication Developer, Samba Team           http://samba.org
> > 
> > 
> Thank you Andrew, this was very helpful!
> Joining the new Samba4 Server to the old one replicates the Active
> Directory without a problem! After shutting down the old server, renaming the new
> server and restoring smb.conf and krb5.conf I can access the new server with
> RSAT now. :-)
> 
> What does not work is the dns-backend! :-(
> After the AD replication the DNS snap-in from RSAT does not work anymore.
> The join option "--dns-backend=none" is not available here
> (Samba4.0.0beta2 Zentyal package) 
> Is there another way to get DNS working after the replication from the old
> server? 
> 
> I have also another question: What does the "renamedc" script do? 
> When I start it, it always tells me that there are opened transactions and
> so it can't run.
> Because of this I simply change the hostname in /etc/hostname/ and
> /etc/hosts and run hostname -F /etc/hostname. After a restart all looks good so
> far. (but I haven't tested it very much)
> 
> THX

I've now also tried Samba4.0.0beta6, and when I join this server with the --dns-backend=NONE option to the old samba4alpha PDC I have no working DNS service on the new Samba server. Bind9 won't start because it can't find sam.ldb. This file is created on provisioning the Samba server the first time, but while our old Resara Server uses plain Bind without the Samba-LDAP-backend, sam.ldb is not created when joining the new server to the existing domain.
Is there a way to set up the DNS part after the replication, so that it uses the internal LDAP of Samba4? I don't need to get the DNS entries of the old server to the new server, but I need a working DNS-Samba/LDAP backend to create zones and entries with RSAT.

Thx for help!


