30.01.2023 06:14, Mark Foley via samba ?????: [,,]> 2. Let's say I get the new DC up and joined (I'll name it DC1), and I transfer FSMO roles and demote the old DC (named MAIL). Does transferring FSMO > roles automatically fix-up Group Policies? For example, the "Folder Redirection" group policy specifies "Root Path: \\mail.hprs.local\Users". Would > that get changed to "dc1.hprs.local\Users" or would I have to manually change any GPOs, etc. to reflect the new master DC's CN host?Do not store regular files on a DC. The file server functions of samba DC are different and works differently from a regular samba fileserver (be it a member of a domain or not). You have to have *another* server to store user files, and point your Root Path to that. /mjt
On 30/01/2023 13:29, Michael Tokarev via samba wrote:> 30.01.2023 06:14, Mark Foley via samba ?????: > [,,] >> 2. Let's say I get the new DC up and joined (I'll name it DC1), and I >> transfer FSMO roles and demote the old DC (named MAIL). Does >> transferring FSMO roles automatically fix-up Group Policies? For >> example, the "Folder Redirection" group policy specifies "Root Path: >> \\mail.hprs.local\Users". Would that get changed to >> "dc1.hprs.local\Users" or would I have to manually change any GPOs, >> etc. to reflect the new master DC's CN host? > > Do not store regular files on a DC.? The file server functions of samba > DC are > different and works differently from a regular samba fileserver (be it a > member > of a domain or not). > > You have to have *another* server to store user files, and point your > Root Path to that. > > /mjt >Whilst I would agree that using a Unix domain member is better as a fileserver, this isn't because the fileserver functions are different on a DC, they are exactly the same. A DC and a Unix domain member both use the same fileserver daemon 'smbd', what is different is the idmap backend and the one that a DC uses is configured towards Windows and hence you have to set the permissions on a Windows machine. Rowland
On 1/30/2023 8:29 AM, Michael Tokarev via samba wrote:> 30.01.2023 06:14, Mark Foley via samba ?????: > [,,] >> 2. Let's say I get the new DC up and joined (I'll name it DC1), and I >> transfer FSMO roles and demote the old DC (named MAIL). Does >> transferring FSMO roles automatically fix-up Group Policies? For >> example, the "Folder Redirection" group policy specifies "Root Path: >> \\mail.hprs.local\Users". Would that get changed to >> "dc1.hprs.local\Users" or would I have to manually change any GPOs, >> etc. to reflect the new master DC's CN host? > > Do not store regular files on a DC.? The file server functions of > samba DC are > different and works differently from a regular samba fileserver (be it > a member > of a domain or not). > > You have to have *another* server to store user files, and point your > Root Path to that.I don't think Redirected Folders are the same as Samba shares. They are somehow managed via Windows Group Policies? via GPO > Edit > User Configuration > Policies > Windows Settings > Folder Redirection. There is some information on this in https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs, which I reference in my own how-to documentation. These have been working OK for all domain users/workstations for the past 8 years. When we've had to install new Windows workstations for users the redirected desktop pops right up after joining the domain. Also, if the user logs in on some other computer in the office, their desktop follows them. Seems to work. BTW - I do have another Linux server for the Network Attached Storage, and it is a domain member which lets domain users map its shares without entering credentials.> Thanks --Mark > /mjt >