[Samba] Moving the 1st DC (FSMO) to another site - howto?

mathias dufresne infractory at gmail.com
Fri Apr 22 13:14:19 UTC 2016

Hi Ole,

A - If I read correctly you have only one DC and you want to move from one
network to another.

To achieve that change you will have to change all A/AAAA records in
both of your AD zones (root zone and _msdcs zone).
Once that is done you will have to change the resolver configuration on your
clients so that they can send DNS requests to the new IP.

Can't see anything else. Nothing about AD site: AD sites are linked to
client networks and client networks do not change, only DC network is

B - If I don't read correctly, you have several DCs. Move one DC to the new
network, change A and AAAA records related to that DC to reflect the
network change.
If you move one DC not used by clients as DNS server, no change on client

C - You are lazy and you have enough physical computers to play with.
Just create a new DC on the new site, join it to the domain.
If then you want to remove old DC you will have to seize (or transfer if it
works) FSMO roles, change DNS configuration on client side, but as that's a
new DC you don't have to modify A/AAAA records.

IMPORTANT NOTE: with internal DNS you have only one SOA. SOA is where DNS
updates go. If you remove old SOA you must change SOA record to assign it
to a working DC. Without that no change in your DNS zones will be possible
for later use (DC moving from site to site is the main point, auto-update
pushed by DHCP or clients won't work either).

2016-04-22 13:44 GMT+02:00 Ole Traupe <ole.traupe at tu-berlin.de>:

> Hi List,
> I'll probably have to move my FSMO role owner to another site. Like at the
> end of next week (depends on tight transportation schedules). So there is
> no actual time for testing anything, I am afraid.
> We are in the process of moving our lab, with our offices staying in the
> old building for now (different class C subnets). The physical machine is
> basically a file server (hosting DC1 as a VM) which is particularly needed
> at the new site. Plus: Summer is coming and the new site has cooling.
> Unfortunately, our university techsup can't span a VLan to merge these two
> sites. So I am trying to figure out how to do it. In earlier discussions on
> DC failover strategies I was suggested to have my DCs on different sites
> (with different subnets), so I figure it being possible in general.
> The necessary steps likely include:
> - modifying my current DNS config: create another site, move DC1 over,
> also the file server (AD member)
> - update all the clients' 1st DNS server entries to reflect the new IP of
> DC1 (and network share mappings)
> - set some firewall rules allowing for logon and smb communication etc.
> Samba is version 4.2.5 with internal DNS.
> Any advice, instructions, heads-up, warnings are very welcome!
> Best regards,
> Ole

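Added example (not part of the original thread and not Samba project code): a Python helper for the DNS bookkeeping described in the reply above. It lists the `samba-tool dns update` commands for every A/AAAA record in the root and _msdcs zones that still holds the DC's old address, and flags zones whose SOA names a DC that will not keep running. Zone names, host names and addresses are constructed, and the record list is typed in by hand rather than parsed from any tool output.

```python
import ipaddress

# Constructed sample records: (zone, name, type, data). For SOA, data is
# only the primary name server field of the record.
RECORDS = [
    ("samdom.example.com", "@", "A", "10.1.1.10"),
    ("samdom.example.com", "dc1", "A", "10.1.1.10"),
    ("samdom.example.com", "dc1", "AAAA", "FD00:1:0:0:0:0:0:10"),
    ("samdom.example.com", "fileserver", "A", "10.1.1.20"),
    ("samdom.example.com", "@", "SOA", "dc1.samdom.example.com."),
    ("_msdcs.samdom.example.com", "gc", "A", "10.1.1.10"),
    ("_msdcs.samdom.example.com", "@", "SOA", "dc1.samdom.example.com."),
]


def plan_updates(records, moves, server):
    """Return one 'samba-tool dns update' command per A/AAAA record that
    still holds an address listed in moves (old address -> new address).
    Credentials options are left out; add them as your setup requires."""
    # Compare parsed addresses so different IPv6 spellings still match.
    canon = {ipaddress.ip_address(old): new for old, new in moves.items()}
    cmds = []
    for zone, name, rtype, data in records:
        if rtype not in ("A", "AAAA"):
            continue
        new = canon.get(ipaddress.ip_address(data))
        if new:
            cmds.append(
                f"samba-tool dns update {server} {zone} {name} {rtype} {data} {new}"
            )
    return cmds


def stale_soa(records, working_dcs):
    """Return zones whose SOA primary server is not in working_dcs, i.e.
    zones where DNS updates would be sent to a DC that is gone."""
    ok = {dc.lower().rstrip(".") for dc in working_dcs}
    return [zone for zone, _, rtype, data in records
            if rtype == "SOA" and data.lower().rstrip(".") not in ok]


if __name__ == "__main__":
    moves = {"10.1.1.10": "10.2.2.10", "fd00:1::10": "fd00:2::10"}
    for cmd in plan_updates(RECORDS, moves, "dc1.samdom.example.com"):
        print(cmd)
    # Case C: dc1 is removed and only a new dc2 remains.
    print("SOA to fix:", stale_soa(RECORDS, ["dc2.samdom.example.com"]))
```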