samba - Jan 2024 - Samba AD - two servers - backup and restore AD procedure

Hi All!
I would be grateful for clarification of my doubts about backups and
restoration of the AD environment.

What is the best strategy for backing up and restoring a Samba AD domain in
the following scenarios:
* server1 - active directory service (7 FSMO roles)
* server2 - active directory service + Samba file server

The considered disaster recovery scenarios are:

   - Corruption of the AD database on server1 due to an electrical surge
   and an uncontrolled server restart.
   - Accidental deletion of critical AD objects due to operator error or
   software issues.

Currently, I perform online backups of the entire AD and offline backups on
both servers.

Unfortunately, the documented method for restoring the AD is cumbersome in
the event of the above-mentioned failures due to the need to set up another
temporary server solely for AD recovery. This is troublesome when the goal
is to bring the domain back to a functional state ASAP.

What should I do in this environment when restoring the domain from an
online backup? I would plan to do it as follows:

   - Set up a virtual machine, install Samba on virtual server3.
   - Stop Samba on server2.
   - Restore the online backup to temporary server3.
   - Offline demote both servers.
   - Rejoin server1 and server2.
   - Demote server3.

After recovering the domain, I would like to have the same domain server
names and their IP addresses. Will there be any issues with this procedure?
What should I do if there are potential problems?

I don't have a spare physical server3 that I could start and leave running
for an extended period. I can run a virtual machine for the duration of the
repair. Is this the correct procedure, or is there a simpler way to perform
the restoration?

The issue also involves client workstations that have DNS settings pointing
to server1 and server2. If I want to use server3, I would need to manually
change DNS settings on over 200 workstations.

Assuming I eliminate server2, could I then use the offline backup and
perform a restore as follows:

   - Stop Samba on server1.
   - Restore the offline backup on server1.
   - Start Samba on server1.

Both servers run on Ubuntu 22.04, and Samba is installed from distribution
packages.

Thanks for alll your tips

Irek

Hi again.
Another scenario which I have in mind
1. stop samba on server1 and server2
2. restore offline backup on server1
3. offline demote server2
4. rejoin server2


sob., 6 sty 2024 o 21:48 Ireneusz Sobkowicz <i.sobkowicz at gmail.com>
napisa?(a):
> Hi All!
> I would be grateful for clarification of my doubts about backups and
> restoration of the AD environment.
>
> What is the best strategy for backing up and restoring a Samba AD domain
> in the following scenarios:
> * server1 - active directory service (7 FSMO roles)
> * server2 - active directory service + Samba file server
>
> The considered disaster recovery scenarios are:
>
>    - Corruption of the AD database on server1 due to an electrical surge
>    and an uncontrolled server restart.
>    - Accidental deletion of critical AD objects due to operator error or
>    software issues.
>
> Currently, I perform online backups of the entire AD and offline backups
> on both servers.
>
> Unfortunately, the documented method for restoring the AD is cumbersome in
> the event of the above-mentioned failures due to the need to set up another
> temporary server solely for AD recovery. This is troublesome when the goal
> is to bring the domain back to a functional state ASAP.
>
> What should I do in this environment when restoring the domain from an
> online backup? I would plan to do it as follows:
>
>    - Set up a virtual machine, install Samba on virtual server3.
>    - Stop Samba on server2.
>    - Restore the online backup to temporary server3.
>    - Offline demote both servers.
>    - Rejoin server1 and server2.
>    - Demote server3.
>
> After recovering the domain, I would like to have the same domain server
> names and their IP addresses. Will there be any issues with this procedure?
> What should I do if there are potential problems?
>
> I don't have a spare physical server3 that I could start and leave
running
> for an extended period. I can run a virtual machine for the duration of the
> repair. Is this the correct procedure, or is there a simpler way to perform
> the restoration?
>
> The issue also involves client workstations that have DNS settings
> pointing to server1 and server2. If I want to use server3, I would need to
> manually change DNS settings on over 200 workstations.
>
> Assuming I eliminate server2, could I then use the offline backup and
> perform a restore as follows:
>
>    - Stop Samba on server1.
>    - Restore the offline backup on server1.
>    - Start Samba on server1.
>
> Both servers run on Ubuntu 22.04, and Samba is installed from distribution
> packages.
>
> Thanks for alll your tips
>
> Irek
>