[Samba] DC disaster recovery

Gregory Sloop gregs at sloop.net
Tue Jul 14 16:25:31 UTC 2020



Rpvs> On 14/07/2020 16:51, Gregory Sloop via samba wrote:
>> Yeah, I could setup an extra XCP box - but at smaller setups, it really seems like overkill.
>> So, it sounds like restores of the VM work "fine."

>> How often do machine accounts reset their passwords?
Rpvs> Every 30 days, though this is adjustable, but not recommended
>> [This is the one that is most likely to be problematic. Rejoining the domain means a new profile. And that's a big PITA on the client side.]

>> User password changes can simply be handled by the admin resetting them, or the like. Machine accounts? Not so straight-forward, at least not that I'm aware of - unless there's some way to "reset" the computer account password and sync with the workstation.

Rpvs> You do know that a computer is a user with an extra objectclass ?

Rpvs> Rowland


Yeah, I do know that.
But that seems like a *completely pointless* observation if there's not some way to re-sync the "machine" account password on the station with a new password on the AD-DC. If there's a way, I'm all ears. If there's not, then who cares - what's the point in even bringing it up? 

It feels like 
Bystander: "Hey drowning man, there's a way you don't have to drown, you know!" 
Drowning man: "Yeah?! Crikey! How about telling me about that, instead of just telling me I don't have to drown!"
Bystander "I just wanted you to know 'bout my technical superiority!"
Drowning man: "Can I drown now?"
:)

-Greg


More information about the samba mailing list