[Samba] AD Backup Best Practice

Rowland Penny rpenny at samba.org
Sun Feb 10 19:22:40 UTC 2019


On Sun, 10 Feb 2019 20:11:02 +0100
Viktor Trojanovic <viktor at troja.ch> wrote:

> On Sun, 10 Feb 2019 at 19:52, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> 
> > On Sun, 10 Feb 2019 19:33:17 +0100
> > Viktor Trojanovic <viktor at troja.ch> wrote:
> >
> > > On Sun, 10 Feb 2019 at 17:42, Rowland Penny via samba
> > > <samba at lists.samba.org> wrote:
> > >
> > > >
> > > >
> > > > The problem is that a Samba AD DC is constantly in flux, that
> > > > is, it changes constantly, if your 'snapshot' can guarantee it
> > > > is correct, then I see no problem, but you would only really
> > > > know when you tried to restore it.
> > > >
> > > > > With regards to information between 2 backups being lost, how
> > > > > is that different with other backup strategies, for example
> > > > > using samba-tool online backup?
> > > >
> > > > That is the problem with any AD DC backup method, the backups
> > > > can quickly become out of date.
> > > >
> > > >
> > > You keep saying that but I can't quite wrap my head around it.
> > > How exactly is the DC constantly in flux? Say I set up my small
> > > AD, one DC, 10 users, 10 computers, internal DNS and some GPOs
> > > and I'm not touching any of that anymore after the initial
> > > setup. Yes, users create their files, set permissions etc but
> > > that's all done on the filesystem of the member server and not
> > > in the AD itself, right? So what will have changed a week later
> > > on the DC?
> > >
> > > Viktor
> >
> > If all you have is 10 users, then your changes are going to be
> > small, but there will be changes, machine passwords could change
> > for instance. If a computer's password changes 5 minutes after you
> > back up the domain and then a week later you restore from your
> > backup, the machine will not be able to connect to the domain, the
> > domain will expect the old password and the machine will be sending
> > the new one.
> >
> >
> Ok, that's a valid point but the computer pw is usually initiated
> every 30 days. Which brings me back to my question, if I set
> everything up on day x, meaning that user passwords don't expire for
> another 45 days and computer passwords remain valid for another 30
> days, make a backup on that same day, and restore the AD a week later
> without any intermediate backups, what will I have lost?  Sorry to
> belabor the point, I'll keep doing daily backups in any case, I'm
> just trying to figure out what I'm missing. :)
> 
> Viktor

In a small domain like yours, probably not much, the only real thing I
could think of would be user password changes, but in large domains you
couldn't really do what you are proposing.

Rowland


