Travis Wenks
2022-Aug-03 21:46 UTC
[Samba] Replacing a Samba Domain Controller - Best Practices
Hi,

First, thank you for such an amazing product!

We have several servers that have been in production for many years.

I am looking to do some replacements with fresh installs and tidy up my servers with all that I have learned since deploying the originals.

I have OLD-DC1, OLD-DC2, OLD-DC3, and OLD-DC4 at two different physical sites and named DC1-4 respectively. DC1 is FSMO role holder.
I keep each server in a dedicated /30 with firewall rules restricting communication to the Samba required ports.

Would the best practice be to demote DC4 then build a new VM called NEW-DC-NAME and join it in a new /30?

First question to clarify here, server name should or should not be reused?
Second is networking, I can build out a new /30 and firewall rules but if it's OK to do it saves a lot of time to reuse the old IP and VLAN. (VPNs, firewalls, DHCP scopes, etc.)

Thank you
Johannes Engel
2022-Aug-05 15:42 UTC
[Samba] Replacing a Samba Domain Controller - Best Practices
Hi Travis,

if I were you, I would just set up a new VM in each of your networks, install an up-to-date version of Samba and join them to your domain. Once everything is working properly, I would then decommission the old DCs one by one.

Has always worked for me this way.

Best regards
Johannes

On Wed, 3 Aug 2022 at 23:47, Travis Wenks via samba <samba at lists.samba.org> wrote:

> Hi
>
> First, thank you for such an amazing product!
>
> We have several servers that have been in production for many years.
>
> I am looking to do some replacements with fresh installs and tidy up my
> servers with all that I have learned since deploying the originals.
>
> I have OLD-DC1, OLD-DC2, OLD-DC3, and OLD-DC4 at two different physical
> sites and named DC1-4 respectively. DC1 is FSMO role holder.
> I keep each server in a dedicated /30 with firewall rules restricting
> communication to the Samba required ports.
>
> Would the best practice be to demote DC4 then build a new VM called
> NEW-DC-NAME and join it in a new /30?
>
> First question to clarify here, server name should or should not be reused?
> Second is networking, I can build out a new /30 and firewall rules but if
> it's OK to do it saves a lot of time to reuse the old IP and VLAN. (VPNs,
> firewalls, DHCP scopes, etc.)
>
> Thank you