[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Juan Ignacio juan.ignacio.pazos at gmail.com
Thu Dec 1 02:03:21 UTC 2022 

Already checked that on 4.1 and samba-tool doesn't have that options.
root at DC1:/usr/sbin# samba-tool domain backup online
Usage: samba-tool domain <subcommand>

Domain management.


Options:
  -h, --help  show this help message and exit


Available subcommands:
  classicupgrade    - Upgrade from Samba classic (NT4-like) database to
Samba AD DC database.
  dcpromo           - Promote an existing domain member or NT4 PDC to an AD
DC.
  demote            - Demote ourselves from the role of Domain Controller.
  exportkeytab      - Dump Kerberos keys of the domain into a keytab.
  info              - Print basic info about a domain and the DC passed as
parameter.
  join              - Join domain as either member or backup domain
controller.
  level             - Raise domain and forest function levels.
  passwordsettings  - Set password settings.
  provision         - Provision a domain.
For more help on a specific subcommand, please type: samba-tool domain
<subcommand> (-h|--help)

El mié, 30 nov 2022 a las 21:57, Juan Ignacio (<juan.ignacio.pazos at gmail.com>)
escribió:

> That is not how you backup Samba AD
>>
>
> I thought that was the way, at least that's what wiki said at the time
> when I installed the dc with samba 4.1, remember that this server is the
> old one in production.
> I just want to make sure that if something goes wrong I can go back.
>
> No, that was the old way and should no longer be used.
>>
>
> My script is older than that one hehe...good to know.
>
> What, you want to demote the DC that holds the FSMO roles ('primary' is
>> what most people call the DC that holds the FSMO roles, even though
>> there is no such thing as a primary DC)
>>
>
> No, I want to demote the old DC that was in production "old primary", with
> samba 4.1.
>
> I transferred the FSMO roles to the new AD-DC with samba 4.16 "DC2" Now it
> is the primary
> I used
> samba-tool fsmo transfer --role=all -UAdministrator
>
> Yes, you must be very careful that you create another DC to replace the
>> one that you are going to demote. One DC = bad, multiple DC's = good.
>>
>
> For now i have 2 DCs, the old production one and the new one with samba
> 4.16.
> The idea is to make more than 2 after I can demote the old.
>
> Sorry, but you do not backup a DC, you backup the domain with
>> 'samba-tool domain backup offline' or 'samba-tool domain backup online'
>
>
> Ok im going to try to use that command in the old server but I thought it
> didn't exist in samba 4.1.
>
> Thx.
>
>
> El mié, 30 nov 2022 16:51, Rowland Penny via samba <samba at lists.samba.org>
> escribió:
>
>>
>>
>> On 30/11/2022 19:30, Juan Ignacio wrote:
>> > Excellent.
>> > Thx, for your explanation Rowland, now I can understand lots better.
>> > I'm close to shutting down the old primary ad-dc to test if everyone
>> can
>> > login and next try to demote it.
>> >
>> > Some things I want to know before demoting.
>> >
>> > I need to make a backup of the old samba 4.1 ad-dc on the old server
>> "DC1".
>> > I backed up manually all the /usr/local/samba/ directory
>>
>> That is not how you backup Samba AD.
>>
>> >
>> > I was thinking of using this script of samba4 on GIT, which is more
>> > updated than the one I was using.
>> >
>> https://github.com/thctlo/samba4/blob/master/backup-script/backup_samba4
>> > <
>> https://github.com/thctlo/samba4/blob/master/backup-script/backup_samba4>
>>
>> No, that was the old way and should no longer be used.
>>
>> >
>> > I already transferred  FSMO roles to the new server "DC2" . Is there
>> any
>> > other thing I need to do before demoting the primary DC.
>>
>> What, you want to demote the DC that holds the FSMO roles ('primary' is
>> what most people call the DC that holds the FSMO roles, even though
>> there is no such thing as a primary DC)
>>
>> > Anything else I must check or be careful with?
>>
>> Yes, you must be very careful that you create another DC to replace the
>> one that you are going to demote. One DC = bad, multiple DC's = good.
>>
>> >
>> > About the NEW ad-dc "DC2"
>> > I have 4 full server backups a day on that server, do you think I need
>> > to backup samba anyway or is this enough if something fails.
>>
>>
>> Sorry, but you do not backup a DC, you backup the domain with
>> 'samba-tool domain backup offline' or 'samba-tool domain backup online'
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

More information about the samba mailing list