[Samba] Samba AD - two servers - backup and restore AD procedure

Ireneusz Sobkowicz i.sobkowicz at gmail.com
Sat Jan 6 20:48:26 UTC 2024


Hi All!
I would be grateful for clarification of my doubts about backups and
restoration of the AD environment.

What is the best strategy for backing up and restoring a Samba AD domain in
the following scenarios:
* server1 - active directory service (7 FSMO roles)
* server2 - active directory service + Samba file server

The considered disaster recovery scenarios are:

   - Corruption of the AD database on server1 due to an electrical surge
   and an uncontrolled server restart.
   - Accidental deletion of critical AD objects due to operator error or
   software issues.

Currently, I perform online backups of the entire AD and offline backups on
both servers.

Unfortunately, the documented method for restoring the AD is cumbersome in
the event of the above-mentioned failures due to the need to set up another
temporary server solely for AD recovery. This is troublesome when the goal
is to bring the domain back to a functional state ASAP.

What should I do in this environment when restoring the domain from an
online backup? I would plan to do it as follows:

   - Set up a virtual machine, install Samba on virtual server3.
   - Stop Samba on server2.
   - Restore the online backup to temporary server3.
   - Offline demote both servers.
   - Rejoin server1 and server2.
   - Demote server3.

After recovering the domain, I would like to have the same domain server
names and their IP addresses. Will there be any issues with this procedure?
What should I do if there are potential problems?

I don't have a spare physical server3 that I could start and leave running
for an extended period. I can run a virtual machine for the duration of the
repair. Is this the correct procedure, or is there a simpler way to perform
the restoration?

The issue also involves client workstations that have DNS settings pointing
to server1 and server2. If I want to use server3, I would need to manually
change DNS settings on over 200 workstations.

Assuming I eliminate server2, could I then use the offline backup and
perform a restore as follows:

   - Stop Samba on server1.
   - Restore the offline backup on server1.
   - Start Samba on server1.

Both servers run on Ubuntu 22.04, and Samba is installed from distribution
packages.

Thanks for all your tips

Irek