ali-reza.fahimi at schneider-electric.com
2016-Oct-05 12:27 UTC
[Samba] Is it possible to change the domain name?
Hello,

The only way I have come up so far to rename the domain is by re-provisioning Samba using the samba-tool utility. This, however, requires to remove the sam configuration file and the entire database file.

This is definitely not very convenient as all the objects including the users, groups, and GPOs and their links will be destroyed.

My question:

Is there a better way to rename the Samba4 domain name provisioned once with active directory role without losing the objects and GPOs?

Best Regards,
Ali
lingpanda101 at gmail.com
2016-Oct-05 13:17 UTC
[Samba] Is it possible to change the domain name?
On 10/5/2016 8:27 AM, ali via samba wrote:
> Hello,
>
> The only way I have come up so far to rename the domain is by
> re-provisioning Samba using the samba-tool utility. This, however, requires
> to remove the sam configuration file and the entire database file.
>
> This is definitely not very convenient as all the objects including the
> users, groups, and GPOs and their links will be destroyed.
>
> My question:
>
> Is there a better way to rename the Samba4 domain name provisioned once
> with active directory role without losing the objects and GPOs?
>
> Best Regards,
> Ali

I don't believe this will be easy at the moment. This will require creating trusts, which Samba doesn't fully support yet. I'm curious how others have approached this topic as well.

-- 
-James
On Wed, 5 Oct 2016, ali via samba wrote:
> Is there a better way to rename the Samba4 domain name provisioned once
> with active directory role without losing the objects and GPOs?

Apparently 2008 R2 supports renaming domains. You could join a 2008 R2 DC, sync everything up, move your FSMO roles over, shut down your Samba DCs, rename the domain on the remaining Windows DC, then rejoin your Samba DCs as new DCs, move your FSMO roles back, and shut down your Windows DC.

I'm curious what would happen if you did an ldbedit and did a search/replace on the entire ldap database and changed every reference of the old domain to the new one. Then restart the DC, and all member servers/workstations and see what happens.

Obviously, someone should test that in a lab first... it may well blow up. It's entirely possible the ldbedit would just fail, as it can be picky about changing certain things if they would conflict or cause errors... I'm not sure if it's possible to edit _everything_ in one go, even with --relax --cross-ncs.
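
An added example, not part of the thread: before trying the search/replace idea from the last message in a lab, a read-only pass over an LDIF export of the directory (the format ldbsearch prints) shows which attributes reference the old domain and how often. The domain old.example.com, the sample records and the function names are constructed for illustration.

```python
import base64
from collections import Counter

# Constructed sample in LDIF form; not data from a real directory.
SAMPLE_LDIF = """dn: CN=Alice,CN=Users,DC=old,DC=example,DC=com
objectClass: user
userPrincipalName: alice@old.example.com
memberOf: CN=Staff,CN=Users,DC=old,DC=example,
 DC=com
description:: b2xkLmV4YW1wbGUuY29tIGFkbWlu

dn: CN={31B2F340},CN=Policies,CN=System,DC=old,DC=example,DC=com
gPLink: [LDAP://CN={31B2F340},CN=Policies,CN=System,DC=old,DC=example,DC=com;0]
"""


def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def count_references(ldif, dns_name):
    """Count, per attribute, the values that mention the DNS name or its DN suffix."""
    suffix = ",".join("DC=" + part for part in dns_name.split("."))
    needles = (dns_name.lower(), suffix.lower())
    hits = Counter()
    for line in unfold(ldif):
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" carries an encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        if any(needle in value.lower() for needle in needles):
            hits[attr] += 1
    return hits


if __name__ == "__main__":
    for attr, n in count_references(SAMPLE_LDIF, "old.example.com").most_common():
        print(f"{attr}: {n}")
```

The folded memberOf value and the base64-encoded description are only counted because the lines are unfolded and decoded first; a plain text search over the raw export would miss both.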