Kind of a whole set of general questions - pardon for one more, please! I've read some of the thinking behind not having a DC also be a file server. But it's not a "rule" - just a suggestion. But here's a wrinkle on things. In more than a few setups, I'll have DC's on VM's - and they won't be serving files they'll be purely DC's. Then on dedicated hardware, I'll have a file-server. Obviously I can make that file server simply a domain member, or I could make it an additional DC. Having an additional DC would probably be good, as we'd have an additional replica of the AD repository. If we lost one or all of the DC VM's we'd still have the DC on the file-server too. So, why not make it a full DC, and not just a member server? [Or even a RODC] [File shares will be on separate volumes/disks, from any of the OS or Samba/AD disks - so migrating data isn't also tangled with AD or OS components.] -Greg
On 14/07/2020 06:40, Gregory Sloop via samba wrote:> Kind of a whole set of general questions - pardon for one more, please! > > I've read some of the thinking behind not having a DC also be a file server. > But it's not a "rule" - just a suggestion. > > But here's a wrinkle on things. > In more than a few setups, I'll have DC's on VM's - and they won't be serving files they'll be purely DC's. > Then on dedicated hardware, I'll have a file-server. > > Obviously I can make that file server simply a domain member, or I could make it an additional DC. > Having an additional DC would probably be good, as we'd have an additional replica of the AD repository. If we lost one or all of the DC VM's we'd still have the DC on the file-server too. > > So, why not make it a full DC, and not just a member server? [Or even a RODC] > [File shares will be on separate volumes/disks, from any of the OS or Samba/AD disks - so migrating data isn't also tangled with AD or OS components.] > > -GregI started out like you, 'it's a Samba machine, so it should be able to serve files', but after reading all the problems that people have had, I have come to the conclusion that using a DC as a fileserver is a bad idea. Yes, if you are using a DC in a very small office (3 or 4 users), you might get away with using a DC as a fileserver, but in any reasonably sized network, I wouldn't do it. Rowland
Rpvs> On 14/07/2020 06:40, Gregory Sloop via samba wrote:>> Kind of a whole set of general questions - pardon for one more, please!>> I've read some of the thinking behind not having a DC also be a file server. >> But it's not a "rule" - just a suggestion.>> But here's a wrinkle on things. >> In more than a few setups, I'll have DC's on VM's - and they won't be serving files they'll be purely DC's. >> Then on dedicated hardware, I'll have a file-server.>> Obviously I can make that file server simply a domain member, or I could make it an additional DC. >> Having an additional DC would probably be good, as we'd have an additional replica of the AD repository. If we lost one or all of the DC VM's we'd still have the DC on the file-server too.>> So, why not make it a full DC, and not just a member server? [Or even a RODC] >> [File shares will be on separate volumes/disks, from any of the OS or Samba/AD disks - so migrating data isn't also tangled with AD or OS components.]>> -GregRpvs> I started out like you, 'it's a Samba machine, so it should be able to Rpvs> serve files', but after reading all the problems that people have had, I Rpvs> have come to the conclusion that using a DC as a fileserver is a bad idea. Rpvs> Yes, if you are using a DC in a very small office (3 or 4 users), you Rpvs> might get away with using a DC as a fileserver, but in any reasonably Rpvs> sized network, I wouldn't do it. Rpvs> Rowland So, if I understand you correctly, you don't really have any specific things that you believe go wrong, it's a diffuse "stuff breaks" reasoning? I'm not trying to be dismissive, but it isn't a lot to go on. The wiki has some specific issues it enumerates - OS upgrades, volume permissions, etc. I think the setup I describe, having the OS on completely separate disks/volumes from the shares, etc address many of those concerns. I guess I was hoping for something more detailed. -Greg