On 2016-08-23 13:10, Reindl Harald via samba wrote:
> Am 23.08.2016 um 11:43 schrieb Sylvain Nex via samba:
>> In my last job, I could see the disasters of restoring a virtual machine
>> with Microsoft AD as a standalone domain controller (a day reinstalling
>> the domain controller).
>>
>> What are the recommendations on virtualizing Samba AD DC according to
>> the Samba team? I found nothing on the wiki about it.
>>
>> Is the best solution to have a physical secondary controller?
>
> how does it matter if something is virtualized?
>
> you treat a VM exactly like a physical box, if you would set up a second
> server without virtualization you are doing the same with a second VM
> running on a different host
>
> that's it

So, same recommendations as always apply:

• Don't rely on a single ADDC
• Don't restore ADDCs from backup if you can avoid it, as it wrecks
  replication. Transfer roles to your secondary DC (physical or not does
  not matter), then reimage and rejoin the dead DC. If that takes a day,
  investigate better automation.
• *Should* all DCs die *and* you cannot bring any online, *then*, and
  only then, you can restore one DC from backups, and reimage the others.

The only gotcha with VMs is to not put the virtualization host into the
domain, as authentication to the Dom0 can brick itself if the DCs aren't
running yet to authenticate against and there's nothing in winbind's
logon cache.

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167