[Samba] AD Backup Best Practice

Peter Milesson miles at atmos.eu
Sun Feb 10 13:35:20 UTC 2019

On 10.02.2019 14:13, Viktor Trojanovic via samba wrote:
> I'm currently reviewing my own backup strategy for Samba and I realize it
> is not in line with best practices provided in the Wiki. (
> https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC) Said
> best practices, however, seem a bit like a nightmare to me.
> Assuming the AD is gone and you want to restore just one DC, and you want
> things to look just as they did before the crash, the process according to
> the Wiki looks as follows:
> 1. Install a Samba DC on a new (!) temporary host and provision the domain,
> just like you would when doing a new install from scratch. That task alone
> is tremendous.
> 2. Stop Samba and restore the AD from backup to this domain not (!) into
> the default Samba folder, advise Samba accordingly when starting it.
> 3. On the original host, set up a Samba DC and join the domain.
> 4. If GPO or scripts exist on sysvol, manually set up sysvol replication to
> get them to the original DC.
> 5. Remove the temporary host.
> Just... wow. :)
> Isn't there a simpler way of doing this? Namely, if all the restore
> operations are done offline anyway, why is it frowned upon to simply do
> everything on the original DC, i.e. forgo the temporary host, overwrite the
> configuration files (/etc/samba) and the local Samba folder (e.g.
> /var/lib/samba) with what's in the backup and be done with it? What's the
> difference between doing this and just restoring the whole machine running
> the DC bit for bit (dd backup and restore)?
> Viktor
Hi folks,

Thanks for bringing this up Viktor!

I have got a bit of a bad conscience here. I have got a small domain, 
with around 10 users, and infrequent changes, and the AD DC resides on a 
virtual machine. A VM copy is what I do now and then. Hopefully it's 

Best regards,


More information about the samba mailing list