[Samba] How to replace a win2003 DC controller

Marc Muehlfeld mmuehlfeld at samba.org
Mon May 19 11:50:10 MDT 2014

Hello Lorenzo,

please don't hijack foreign threads. ;-)

On 19.05.2014 19:17, Lorenzo Faleschini wrote:
> In my mind I figured out that what I want to achieve is done by:
> - adding Samba4 machine to the domain as domain controller
> - move all FSMO roles to the Samba4 DC (through win RSAT)
> - manually rsync SysVol (win2003-->Samba4) to get all the last changes
> - demote the win2003 DC to a member
> is this safe to do?

This would be the usual way for such a migration. But you can't use rsync,
because it would not replicate the Windows ACLs to the Samba share. I
would suggest to just copy the SysVol content manually, run "samba-tool
ntacl sysvolreset" and then set the ACLs manually (if you don't want
them to be at their default). And if you demote the Win DC afterwards
anyway, then you don't have the requirement for Win-Samba replication.

> Is it better to just add Samba4 and scheduled rsync and only in the
> case of win2003 failure go through the FSMO moving and its demotion
> to member?

See my rsync notes above.

If you keep the Windows DC, then you have to get a way to synchronize the
SysVol content including ACLs, until someone starts implementing SysVol
replication in Samba. But currently there's no one working on that.

