samba - Mar 2023 - DCs & subnets

On 10/03/2023 14:37, Perttu Aaltonen via samba wrote:
> I have the same job to do as another user late last year: upgrade an old
Samba 4.1 AD domain to a new version and server
> 
> In that thread Rowland suggested to provision a new DC in the same subnet
as the old one. I wonder was this just a general recommendation to make the
transition easier for the specific user, or is there something technically I
should be aware of if I want to add the new DC from a different subnet than the
original?
> 
> I?m planning to install a new Debian instance and Samba, provision it as a
DC, transfer FSMO roles, then demote the old DC. I?d like to move the DCs to a
more secure subnet and only allow traffic from domain member servers from
another subnet.
> 
> Thanks
You do not have to use the same subnet, just as long as the new DC can 
connect to the old DC. Also, if you are just adding another DC, the word 
is 'join' not 'provision', if you 'provision' a DC, you
will get an
entirely different domain, even if you use the same domain name.

You may have problems going directly from 4.1.x to the latest available 
Debian Samba version (4.17.5 from backports), you may have to upgrade to 
4.5.x first

Rowland

> On 10. Mar 2023, at 16.53, Rowland Penny via samba <samba at
lists.samba.org> wrote:
> 
> You do not have to use the same subnet, just as long as the new DC can
connect to the old DC. Also, if you are just adding another DC, the word is
'join' not 'provision', if you 'provision' a DC, you
will get an entirely different domain, even if you use the same domain name.
> 
> You may have problems going directly from 4.1.x to the latest available
Debian Samba version (4.17.5 from backports), you may have to upgrade to 4.5.x
first
> 
> Rowland
Thanks Rowland. I remember reading something about there being replication
improvements in 4.16 with older versions. But only one way to find out how it
goes. Luckily the current DC is a VM so I can back it up easily.

-Perttu