[Samba] It is secure to transfer roles and demote DC?

Federico Alberto Sayd fsayd at uncu.edu.ar
Fri Nov 7 04:53:37 MST 2014

On 06/11/14 16:13, Marc Muehlfeld wrote:
> Am 06.11.2014 um 19:16 schrieb Federico Alberto Sayd:
>> The server that I want to demote is also a file server, I want preserve
>> the file server functionality but demote as DC. That is why I don't want
>> to have to put offline the server forever or to reinstall it.
> You can't demote a Samba DC to a simple member server (yet).
> The demote removes the DC from the AD. Nothing else. Then you have to
> manually remove the databases and replace your DC smb.conf with one that
> is for a member server (the shares configs you can of course move to the
> new smb.conf). Then you have to join the domain as member server.
> But why not keeping the host as a DC, if it should still serve files?

1st - Docs says that isn't recommended run a File Server as DC ("Even if 
the Domain Controller can act as a File Server as well, it's not a 
recommendation" [1])

2nd - The file server is experiencing hig load (I think, because to high 
I/O) and DNS resolution goes low and clients using this DC lose connectivity

[1] https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO



More information about the samba mailing list