[Samba] DC disaster recovery

Rowland penny rpenny at samba.org
Tue Jul 14 17:34:37 UTC 2020

On 14/07/2020 17:25, Gregory Sloop via samba wrote:
> Rpvs> On 14/07/2020 16:51, Gregory Sloop via samba wrote:
>>> Yeah, I could setup an extra XCP box - but at smaller setups, it really seems like overkill.
>>> So, it sounds like restores of the VM work "fine."
>>> How often do machine accounts reset their passwords?
> Rpvs> Every 30 days, though this is adjustable, but not recommended
>>> [This is the one that is most likely to be problematic. Rejoining the domain means a new profile. And that's a big PITA on the client side.]
>>> User password changes can simply be handled by the admin resetting them, or the like. Machine accounts? Not so straight-forward, at least not that I'm aware of - unless there's some way to "reset" the computer account password and sync with the workstation.
> Rpvs> You do know that a computer is a user with an extra objectclass ?
> Rpvs> Rowland
> Yeah, I do know that.
> But that seems like a *completely pointless* observation if there's not some way to re-sync the "machine" account password on the station with a new password on the AD-DC. If there's a way, I'm all ears. If there's not, then who cares - what's the point in even bringing it up?
> It feels like
> Bystander: "Hey drowning man, there's a way you don't have to drown, you know!"
> Drowning man: "Yeah?! Crikey! How about telling me about that, instead of just telling me I don't have to drown!"
> Bystander "I just wanted you to know 'bout my technical superiority!"
> Drowning man: "Can I drown now?"
> :)
> -Greg

Hey 'Drowning man':

samba-tool user setpassword computer_name$ --random-password

This will work, but I don't recommend doing it, Samba will change the 
password every 30 days.


More information about the samba mailing list