samba - Dec 2022 - Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

>
> That is not how you backup Samba AD
>
I thought that was the way, at least that's what wiki said at the time when
I installed the dc with samba 4.1, remember that this server is the old one
in production.
I just want to make sure that if something goes wrong I can go back.

No, that was the old way and should no longer be used.
>
My script is older than that one hehe...good to know.

What, you want to demote the DC that holds the FSMO roles ('primary'
is
> what most people call the DC that holds the FSMO roles, even though
> there is no such thing as a primary DC)
>
No, I want to demote the old DC that was in production "old primary",
with
samba 4.1.

I transferred the FSMO roles to the new AD-DC with samba 4.16 "DC2"
Now it
is the primary
I used
samba-tool fsmo transfer --role=all -UAdministrator

Yes, you must be very careful that you create another DC to replace
the
> one that you are going to demote. One DC = bad, multiple DC's = good.
>
For now i have 2 DCs, the old production one and the new one with samba
4.16.
The idea is to make more than 2 after I can demote the old.

Sorry, but you do not backup a DC, you backup the domain
with
> 'samba-tool domain backup offline' or 'samba-tool domain backup
online'

Ok im going to try to use that command in the old server but I thought it
didn't exist in samba 4.1.

Thx.


El mi?, 30 nov 2022 16:51, Rowland Penny via samba <samba at
lists.samba.org>
escribi?:
>
>
> On 30/11/2022 19:30, Juan Ignacio wrote:
> > Excellent.
> > Thx, for your explanation Rowland, now I can understand lots better.
> > I'm close to shutting down the old primary ad-dc to test if
everyone can
> > login and next try to demote it.
> >
> > Some things I want to know before demoting.
> >
> > I need to make a backup of the old samba 4.1 ad-dc on the old server
> "DC1".
> > I backed up manually all the /usr/local/samba/ directory
>
> That is not how you backup Samba AD.
>
> >
> > I was thinking of using this script of samba4 on GIT, which is more
> > updated than the one I was using.
> >
https://github.com/thctlo/samba4/blob/master/backup-script/backup_samba4
> > <
>
https://github.com/thctlo/samba4/blob/master/backup-script/backup_samba4>
>
> No, that was the old way and should no longer be used.
>
> >
> > I already transferred  FSMO roles to the new server "DC2" .
Is there any
> > other thing I need to do before demoting the primary DC.
>
> What, you want to demote the DC that holds the FSMO roles
('primary' is
> what most people call the DC that holds the FSMO roles, even though
> there is no such thing as a primary DC)
>
> > Anything else I must check or be careful with?
>
> Yes, you must be very careful that you create another DC to replace the
> one that you are going to demote. One DC = bad, multiple DC's = good.
>
> >
> > About the NEW ad-dc "DC2"
> > I have 4 full server backups a day on that server, do you think I need
> > to backup samba anyway or is this enough if something fails.
>
>
> Sorry, but you do not backup a DC, you backup the domain with
> 'samba-tool domain backup offline' or 'samba-tool domain backup
online'
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Already checked that on 4.1 and samba-tool doesn't have that options.
root at DC1:/usr/sbin# samba-tool domain backup online
Usage: samba-tool domain <subcommand>

Domain management.


Options:
  -h, --help  show this help message and exit


Available subcommands:
  classicupgrade    - Upgrade from Samba classic (NT4-like) database to
Samba AD DC database.
  dcpromo           - Promote an existing domain member or NT4 PDC to an AD
DC.
  demote            - Demote ourselves from the role of Domain Controller.
  exportkeytab      - Dump Kerberos keys of the domain into a keytab.
  info              - Print basic info about a domain and the DC passed as
parameter.
  join              - Join domain as either member or backup domain
controller.
  level             - Raise domain and forest function levels.
  passwordsettings  - Set password settings.
  provision         - Provision a domain.
For more help on a specific subcommand, please type: samba-tool domain
<subcommand> (-h|--help)

El mi?, 30 nov 2022 a las 21:57, Juan Ignacio (<juan.ignacio.pazos at
gmail.com>)
escribi?:
> That is not how you backup Samba AD
>>
>
> I thought that was the way, at least that's what wiki said at the time
> when I installed the dc with samba 4.1, remember that this server is the
> old one in production.
> I just want to make sure that if something goes wrong I can go back.
>
> No, that was the old way and should no longer be used.
>>
>
> My script is older than that one hehe...good to know.
>
> What, you want to demote the DC that holds the FSMO roles
('primary' is
>> what most people call the DC that holds the FSMO roles, even though
>> there is no such thing as a primary DC)
>>
>
> No, I want to demote the old DC that was in production "old
primary", with
> samba 4.1.
>
> I transferred the FSMO roles to the new AD-DC with samba 4.16
"DC2" Now it
> is the primary
> I used
> samba-tool fsmo transfer --role=all -UAdministrator
>
> Yes, you must be very careful that you create another DC to replace the
>> one that you are going to demote. One DC = bad, multiple DC's =
good.
>>
>
> For now i have 2 DCs, the old production one and the new one with samba
> 4.16.
> The idea is to make more than 2 after I can demote the old.
>
> Sorry, but you do not backup a DC, you backup the domain with
>> 'samba-tool domain backup offline' or 'samba-tool domain
backup online'
>
>
> Ok im going to try to use that command in the old server but I thought it
> didn't exist in samba 4.1.
>
> Thx.
>
>
> El mi?, 30 nov 2022 16:51, Rowland Penny via samba <samba at
lists.samba.org>
> escribi?:
>
>>
>>
>> On 30/11/2022 19:30, Juan Ignacio wrote:
>> > Excellent.
>> > Thx, for your explanation Rowland, now I can understand lots
better.
>> > I'm close to shutting down the old primary ad-dc to test if
everyone
>> can
>> > login and next try to demote it.
>> >
>> > Some things I want to know before demoting.
>> >
>> > I need to make a backup of the old samba 4.1 ad-dc on the old
server
>> "DC1".
>> > I backed up manually all the /usr/local/samba/ directory
>>
>> That is not how you backup Samba AD.
>>
>> >
>> > I was thinking of using this script of samba4 on GIT, which is
more
>> > updated than the one I was using.
>> >
>>
https://github.com/thctlo/samba4/blob/master/backup-script/backup_samba4
>> > <
>>
https://github.com/thctlo/samba4/blob/master/backup-script/backup_samba4>
>>
>> No, that was the old way and should no longer be used.
>>
>> >
>> > I already transferred  FSMO roles to the new server
"DC2" . Is there
>> any
>> > other thing I need to do before demoting the primary DC.
>>
>> What, you want to demote the DC that holds the FSMO roles
('primary' is
>> what most people call the DC that holds the FSMO roles, even though
>> there is no such thing as a primary DC)
>>
>> > Anything else I must check or be careful with?
>>
>> Yes, you must be very careful that you create another DC to replace the
>> one that you are going to demote. One DC = bad, multiple DC's =
good.
>>
>> >
>> > About the NEW ad-dc "DC2"
>> > I have 4 full server backups a day on that server, do you think I
need
>> > to backup samba anyway or is this enough if something fails.
>>
>>
>> Sorry, but you do not backup a DC, you backup the domain with
>> 'samba-tool domain backup offline' or 'samba-tool domain
backup online'
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

On 01/12/2022 00:57, Juan Ignacio wrote:
>     That is not how you backup Samba AD
> 
> 
> I thought that was the way, at least that's what wiki said at the time 
> when I installed the dc with samba 4.1, remember that this server is the 
> old one in production.
> I just want to make sure that if something goes wrong I can go back.
Yes, but you now have a new, much later DC.

>     What, you want to demote the DC that holds the FSMO roles
('primary' is
>     what most people call the DC that holds the FSMO roles, even though
>     there is no such thing as a primary DC)
> 
> 
> No, I want to demote the old DC that was in production "old
primary",
> with samba 4.1.
I think the words you are looking for are: The original DC running 4.1.x
> 
> I transferred the FSMO roles to the new AD-DC with samba 4.16
"DC2" Now
> it is the primary
There is no such thing as a 'primary DC' in AD. All AD DC's are
equal
except for the FSMO roles and they can be on any DC, in fact, if you 
have enough DC's, you can put one FSMO role on each.
> I used
> samba-tool fsmo transfer --role=all -UAdministrator
> 
>     Yes, you must be very careful that you create another DC to replace the
>     one that you are going to demote. One DC = bad, multiple DC's =
good.
> 
> 
> For now i have 2 DCs, the old production one and the new one with samba 
> 4.16.
> The idea is to make more than 2 after I can demote the old.
Very good idea, if you have more than one DC and one goes faulty, you 
can demote the faulty one and add a replacement, that way, you will 
never require your AD domain backup.
> 
>     Sorry, but you do not backup a DC, you backup the domain with
>     'samba-tool domain backup offline' or 'samba-tool domain
backup online'
> 
> 
> Ok im going to try to use that command in the old serverbut I thought it 
> didn't exist in samba 4.1.
Will not work, because it isn't there. It will be there on your new DC, 
so backup the domain from there.
Of course if there is anything else on the old DC that you require, you 
should back that up before demoting the DC.

Rowland