[Samba] AD Backup Best Practice

Rowland Penny rpenny at samba.org
Sun Feb 10 18:51:10 UTC 2019

On Sun, 10 Feb 2019 19:33:17 +0100
Viktor Trojanovic <viktor at troja.ch> wrote:

> On Sun, 10 Feb 2019 at 17:42, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> >
> > The problem is that a Samba AD DC is constantly in flux, that is, it
> > changes constantly, if your 'snapshot' can guarantee it is correct,
> > then I see no problem, but you would only really know when you tried
> > to restore it.
> >
> > >With regards to information between 2 backups being lost, how
> > > is that different with other backup strategies, for example using
> > > samba-tool online backup?
> >
> > That is the problem with any AD DC backup method, the backups can
> > quickly become out of date.
> >
> >
> > You keep saying that but I can't quite wrap my head around it. How
> > exactly
> is the DC constantly in flux? Say I set up my small AD, one DC, 10
> users, 10 computers, internal DNS and some GPOs and I'm not touching
> any of that anymore after the initial setup. Yes, users create their
> files, set permissions etc but that's all done on the filesystem of
> the member server and not in the AD itself, right? So what will have
> changed a week later on the DC?
> Viktor

If all you have is 10 users, then your changes are going to be small,
but there will be changes, machine passwords could change for instance.
If a computers password changes 5 minutes after you back up the domain
and then a week later you restore from your backup, the machine will
not be able to connect to the domain, the domain will expect the old
password and the machine will be sending the new one.


More information about the samba mailing list