[Samba] unique index violation on objectSid on samba ad

[Krutskikh Ivan]

ok =( Guess I should repeat all the work from scratch. So just to check if
I got it right:

1) Create a new container. Provision a ad dc on it. Can I join some machine
to apply some gpo's and to create users at this point? I'll delete it
afterwards

2) Power down the container from 1) and use it as a template for every
other dc I need just by changing ip/dns

3) Create another template for the second domain. Clone it and attach for
each new dc from 2)

Will this work? The dc's would work in different lan's.

2015-10-19 15:39 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:

> Hello Ivan,
>
> Am 19.10.2015 um 12:42 schrieb Krutskikh Ivan:
> > I think, I've done something stupid here. At first I've created 2 lxc
> > containers and provisioned one as dc.office.mtt and joined second one to
> > the first ad bdc.tsnr.mtt.
>
> You should not name your DC something like "backup" (bdc). If the first
> one (dc) gets lost, you only have one. There's no primary, secondary,
> etc. in an AD.
>
> But this isn't your problem :-)
>
>
>
> > Then I've cloned those containers several times
> > and changed ip adresses and dns names of new containers to different
> > subnets.
>
> This was the mistake you made. Don't join and then clone! DCs have GUIDs
> inside the AD. If you change the name/IP after the join, you have two
> hosts with the same GUID in AD and you will of course get replication
> problems.
>
> Is this already in production or just with a large number of
> user/computers? If not, start from scratch. I think it's much less work
> and risk to prevent upcomming trouble in future.
>
> 1. Install first DC
> 2. Provision a domain on it
> 3. Install second DC as template (just install OS + Samba, but don't join!)
> 4. Clone your machine
> 5. Give the clone a new hostname and IP
> 6. Join the cloned machine to the domain
> 7. Repeat 4-6 for all DCs you want to create.
>
>
>
> Regards,
> Marc
>