[Samba] Samba AD - two servers - backup and restore AD procedure

Ireneusz Sobkowicz i.sobkowicz at gmail.com
Sat Jan 6 21:05:45 UTC 2024


Hi again.
Another scenario which I have in mind:
1. stop samba on server1 and server2
2. restore offline backup on server1
3. offline demote server2
4. rejoin server2


On Sat, 6 Jan 2024 at 21:48, Ireneusz Sobkowicz <i.sobkowicz at gmail.com>
wrote:

> Hi All!
> I would be grateful for clarification of my doubts about backups and
> restoration of the AD environment.
>
> What is the best strategy for backing up and restoring a Samba AD domain
> in the following scenarios:
> * server1 - active directory service (7 FSMO roles)
> * server2 - active directory service + Samba file server
>
> The considered disaster recovery scenarios are:
>
>    - Corruption of the AD database on server1 due to an electrical surge
>    and an uncontrolled server restart.
>    - Accidental deletion of critical AD objects due to operator error or
>    software issues.
>
> Currently, I perform online backups of the entire AD and offline backups
> on both servers.
>
> Unfortunately, the documented method for restoring the AD is cumbersome in
> the event of the above-mentioned failures due to the need to set up another
> temporary server solely for AD recovery. This is troublesome when the goal
> is to bring the domain back to a functional state ASAP.
>
> What should I do in this environment when restoring the domain from an
> online backup? I would plan to do it as follows:
>
>    - Set up a virtual machine, install Samba on virtual server3.
>    - Stop Samba on server2.
>    - Restore the online backup to temporary server3.
>    - Offline demote both servers.
>    - Rejoin server1 and server2.
>    - Demote server3.
>
> After recovering the domain, I would like to have the same domain server
> names and their IP addresses. Will there be any issues with this procedure?
> What should I do if there are potential problems?
>
> I don't have a spare physical server3 that I could start and leave running
> for an extended period. I can run a virtual machine for the duration of the
> repair. Is this the correct procedure, or is there a simpler way to perform
> the restoration?
>
> The issue also involves client workstations that have DNS settings
> pointing to server1 and server2. If I want to use server3, I would need to
> manually change DNS settings on over 200 workstations.
>
> Assuming I eliminate server2, could I then use the offline backup and
> perform a restore as follows:
>
>    - Stop Samba on server1.
>    - Restore the offline backup on server1.
>    - Start Samba on server1.
>
> Both servers run on Ubuntu 22.04, and Samba is installed from distribution
> packages.
>
> Thanks for all your tips
>
> Irek
>

