[Samba] Replacing Server 2012 R2 with SAMBA4

Stefan Metzmacher metze at samba.org
Thu Mar 17 12:16:35 UTC 2016 

Hi Florian,
> We have two DC right know. (Server 2012 R2 and Server 2008 R2)
> 
> We want to replace Windows with SAMBA over the next years. In the first step we are going to replace the server 2012 R2 with SAMBA because we still need the server 2008.
> 
> But right know we have a small problem, because our AD schema is 69 and our last backup with schema 47 is over a year old.

Why is that a problem? The forest and domain functional level should
be still 2008R2.

Can you get Samba 4.4.0rc5 (or the master branch from git)?
You don't to install it, just run ./configure.developer && make -j

We have a command called "samba-tool drs clone-dc-database",
which is similar to "samba-tool domain join DC". The difference
is that it only tests the replication without creating an account
for a new dc (and it requires the --targetdir option, which should point
to a temporary location).

Just call this like bin/samba-tool to get the one from the build
environment.

If "samba-tool drs clone-dc-database" runs without problems, you may not
have
a real problem with the schema difference. This makes it unlikely that
the real
"samba-tool domain join DC" will fail.

You only need to be aware that the "SYSVOL" folder is not automatically
replicated
between windows and samba. And the GPO-GUI should only be used against
the remaining windows server with manual syncing of the SYSVOL.
You may also need to use "samba-tool ntacl sysvolreset" after the sync.

> What would be an easy way to do this. I believe the easy way would be:
> 1) Building a new domain with our backup.
> 2) Build a new SAMBA server and add it to the domain.
> 3) Configurate the AD manually.

Never use a backup if at least one working dc is still in place!
This just results in replication problems.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20160317/69a09d59/signature.sig>

More information about the samba mailing list