[Samba] AD DC on virtual machine

Reindl Harald h.reindl at thelounge.net
Tue Aug 23 11:43:28 UTC 2016 


Am 23.08.2016 um 13:31 schrieb Sven Schwedas via samba:
> On 2016-08-23 13:10, Reindl Harald via samba wrote:
>>> Is that the best solution is to have a physical secondary controller?
>>
>> how does it matter if something is virtualized?
>>
>> you treat a VM exactly like a pyhiscal box, if you would setup a second
>> server without virtualization you are doing the same with a second VM
>> running on a difefrent host
>>
>> that's it
>
> So, same recommendations as always apply:
>
> • Don't rely on a single ADDC
>
> • Don't restore ADDCs from backup if you can avoid it, as it wrecks
> replication. Transfer roles to your secondary DC (physical or not does
> not matter), then reimage and rejoin the dead DC. If that takes a day,
> investigate into better automation.
>
> • *Should* all DCs die *and* you cannot bring any online, *then*, and
> only then, you can restore one DC from backups, and reimage the others.

yes

in theory with HA soltuins all DC could run on one host becaus ethey are 
anyways restarted on the second one - but i wouldn't do taht sicne you 
have always a second one and so it's better to not have the time gap 
until HA beats in

the same for dns servers - in normal operations on different hosts and 
only in case of ESXi updates or firmware updates temporary vmotion to 
the second one, then back as before, wait for some time and then the 
same for the other host

however, in 2016 there are very few to no reasons setup any service on 
bare metal

> The only gotcha with VMs is to not put the virtualization host into the
> domain, as authentication to the Dom0 can brick itself if the DCs aren't
> running yet to authenticate against and there's nothing in winbind's
> logon cache

if would never ever put virtualization infrastrcuture in a state where 
the hosts could not just live without vcenter and any other service - 
they need for worst cases always be self-containing


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20160823/c365fbb8/signature.sig>

More information about the samba mailing list