[Samba] demote ad dc
Rowland Penny
rpenny at samba.org
Fri Aug 20 11:08:35 UTC 2021
On Fri, 2021-08-20 at 12:52 +0200, Andrea Ballarati via samba wrote:
> Hello,
> in my lan I have an ad dc samba and a file server that is ad dc too
> (Version 4.11.6-Ubuntu).
> I know this configuration is not recommended and I want to demote the
> ad
> dc file server to a simple domain member.
> What is the correct procedure to follow? I have googled a bit but
> coudn't find any suitable instructions.
>
Your only hope is that you have added rfc2307 attributes to AD,
otherwise demoting the DC (which is easy) and setting it up as a Unix
domain member (which again is easy) will lead to your users & groups
being given new ID numbers. This will lead to all your data being
orphaned. This is one of the reasons why it is not recommended to use a
DC as a fileserver.
I would suggest you retain the second DC (this is another Samba
recommendation) and set up a new Unix domain member and use this as a
fileserver.
Rowland
More information about the samba
mailing list