[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Rowland Penny rpenny at samba.org
Thu Dec 1 10:03:44 UTC 2022 


On 01/12/2022 00:57, Juan Ignacio wrote:
>     That is not how you backup Samba AD
> 
> 
> I thought that was the way, at least that's what wiki said at the time 
> when I installed the dc with samba 4.1, remember that this server is the 
> old one in production.
> I just want to make sure that if something goes wrong I can go back.

Yes, but you now have a new, much later DC.


>     What, you want to demote the DC that holds the FSMO roles ('primary' is
>     what most people call the DC that holds the FSMO roles, even though
>     there is no such thing as a primary DC)
> 
> 
> No, I want to demote the old DC that was in production "old primary", 
> with samba 4.1.

I think the words you are looking for are: The original DC running 4.1.x

> 
> I transferred the FSMO roles to the new AD-DC with samba 4.16 "DC2" Now 
> it is the primary

There is no such thing as a 'primary DC' in AD. All AD DC's are equal 
except for the FSMO roles and they can be on any DC, in fact, if you 
have enough DC's, you can put one FSMO role on each.

> I used
> samba-tool fsmo transfer --role=all -UAdministrator
> 
>     Yes, you must be very careful that you create another DC to replace the
>     one that you are going to demote. One DC = bad, multiple DC's = good.
> 
> 
> For now i have 2 DCs, the old production one and the new one with samba 
> 4.16.
> The idea is to make more than 2 after I can demote the old.

Very good idea, if you have more than one DC and one goes faulty, you 
can demote the faulty one and add a replacement, that way, you will 
never require your AD domain backup.

> 
>     Sorry, but you do not backup a DC, you backup the domain with
>     'samba-tool domain backup offline' or 'samba-tool domain backup online' 
> 
> 
> Ok im going to try to use that command in the old serverbut I thought it 
> didn't exist in samba 4.1.

Will not work, because it isn't there. It will be there on your new DC, 
so backup the domain from there.
Of course if there is anything else on the old DC that you require, you 
should back that up before demoting the DC.

Rowland

More information about the samba mailing list