On Tue, 2021-05-11 at 12:42 -0400, ralph strebbing via samba wrote:
> Hi All,
>
> So I've read sporadic stuff around the wiki, and some scattered
> threads here on the mail list, but nothing too direct on whether this
> could work or not.

Yeah, it's a mess.

> So we're about to move away from a self-hosted mail server to O365,
> and to keep things in Sync, I'd like to utilize AzureAD Connect,
> however as anyone can guess it's meant to run on Windows Server 2012,
> 2016, or 2019.

Correct, but it only needs to run on a domain member server, not on a
DC, as I understand it.

There are now instructions here:
https://wiki.samba.org/index.php/Azure_AD_Sync

> Not sure if it's still the case with regards to joining Windows
> servers to the samba domain as additional Domain Controllers, but one
> solution I was theorizing was to set up a Windows Server 2012R2
> machine, and join it to the Samba AD Domain as a DC (Maybe ReadOnly?)
> to facilitate creating the user accounts and syncing passwords with
> AzureAD/O365. I just don't know whether I'm going to completely
> destroy/break the new Samba domain by doing this, or if there are
> heavy concerns with this method.

There is a lot of stuff in our wiki very worried about 2012, which I
think mostly relates back to earlier times when our schema code wasn't
as good. Newer Samba domains come provisioned with the 2012 schema,
and we have good upgrade tools now.

Thankfully that isn't required.

Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions