Hello I have primary and secondary Samba 4 DCs running very nicely with replication. I have DC1 using the official Backup scripts. We are moving these to virtual machines. We are changing the Linux OS on DC1 from Gentoo to Ubuntu. REAL DC1 = FSMO Role REAL DC1 = Gentoo REAL DC2 = Ubuntu VIRTUAL DC1 = Ubuntu What is the correct way to change DC1 to a virtual machine? Do I just restore from REAL DC1 backup files? Or, do I shut down REAL DC1 and 'join' VIRTUAL DC1 to REAL DC2? Do I have to change the FSMO role first? (I was going to shut down REAL DC2, shut down REAL DC1, restore files from REAL DC1 to VIRTUAL DC1, start up VIRTUAL DC1 and test, etc.) I could not find a definitive answer on the Samba Wiki, and my apologies if I missed it. Many thanks for your help in advance. Regards, Paul Littlefield
Hello Paul, Am 24.01.2015 um 16:38 schrieb Paul Littlefield:> What is the correct way to change DC1 to a virtual machine?One way is to join the new virtual DC to the domain, transfer the FSMO roles from DC1 to the new one and demote DC1. But then your new DC has a new name, of course. And we currently have a bug, that not all roles are transfered, even if samba-tools says 'successful'. And then you can't demote the old one, until you manually edit the AD database. The second way, and the one I would go, is - shutdown Samba on DC1 - copy all databases and SysVol content to the new host, into the folders, where your new OS expect them - disconnect the old machine from the network - start Samba on the new host It's very important that the old host is never connected to the network any more or you will mess up your AD! I don't know what Samba version Gentoo and Ubuntu are shipping. But I suggest that the OS on the new host, doesn't have an older version. If you don't know where the OS of your new host puts the databases, provision a new domain in a test environment and see, where the databases are placed. About the FSMO roles, you usually don't have to worry. Make sure, that you understand what the five roles are for (https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#The_five_FSMO_roles). Some domain features aren't available, if the DC owning a role is temporary down. But in most situations, this isn't business critical. Like if the RID master is down, your can e. g. create only new objects (users, groups, etc), until your second DCs RID pool is empty. Regards, Marc
On 24/01/15 17:56, Marc Muehlfeld wrote:> The second way, and the one I would go, is > - shutdown Samba on DC1 > - copy all databases and SysVol content to the new host, > into the folders, where your new OS expect them > - disconnect the old machine from the network > - start Samba on the new host > It's very important that the old host is never connected to the network > any more or you will mess up your AD! > > I don't know what Samba version Gentoo and Ubuntu are shipping. But I > suggest that the OS on the new host, doesn't have an older version.Hello Marc Thanks for your reply. Yes, that's what I thought... belt and braces copy all databases and sysvol content using the backup script and restore instructions on the wiki. Yes, I was going to literally turn OFF both the old 'real' DC1 and 'real' DC2 just in case the 'virtual' DC1 went fooey and interfered with DC2. I am also going to turn off all non-essential computers on the network so that Windows DC and login can be tested without any horrific consequences. What do the others think? Am I being paranoid or wise? :) Paul Littlefield PS: now I think about it, I amy as well 'virtualise' DC2 as well AS IS, then use that (with the same IP addresses, hostnames, etc. to test the new 'virtual' DC1 for replication, etc. Thoughts?