[Samba] AD Backup Best Practice

Viktor Trojanovic viktor at troja.ch
Sun Feb 10 13:13:27 UTC 2019

I'm currently reviewing my own backup strategy for Samba and I realize it
is not in line with best practices provided in the Wiki. (
https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC) Said
best practices, however, seem a bit like a nightmare to me.

Assuming the AD is gone and you want to restore just one DC, and you want
things to look just as they did before the crash, the process according to
the Wiki looks as follows:

1. Install a Samba DC on a new (!) temporary host and provision the domain,
just like you would when doing a new install from scratch. That task alone
is tremendous.
2. Stop Samba and restore the AD from backup to this domain, not (!) into
the default Samba folder, and advise Samba accordingly when starting it.
3. On the original host, set up a Samba DC and join the domain.
4. If GPO or scripts exist on sysvol, manually set up sysvol replication to
get them to the original DC.
5. Remove the temporary host.

Just... wow. :)

Isn't there a simpler way of doing this? Namely, if all the restore
operations are done offline anyway, why is it frowned upon to simply do
everything on the original DC, i.e. forgo the temporary host, overwrite the
configuration files (/etc/samba) and the local Samba folder (e.g.
/var/lib/samba) with what's in the backup and be done with it? What's the
difference between doing this and just restoring the whole machine running
the DC bit for bit (dd backup and restore)?

