samba - Sep 2017 - How to add a second Samba DC to create homogeneous multi-DC domain?

On Fri, 2 Sep 2017, Don via samba wrote:
> Greetings,
>
> For sake of failover it's time for me to add a second samba DC to a
> domain with a single samba DC. At present, there's only one samba DC.
> There are no Windows DCs.
>
> The documentation seems a little dated:
>
>  https://wiki.samba.org/index.php/Samba_4.0_Whitepaper
Try the following instead:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

WARNING there is a bug in the sysvolreset command. Only do it once ON THE NEW
SERVER and NEVER do it again on ANY server or you WILL BREAK THINGS. Search the
recent archives of this list for more info.
> Apparently a SysVol replication workaround must be implemented:
>
> 
https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaround
I use osync, but yes you must use a workaround. You get to pick. :-)
>
> Does only one server at a time own the FSMO roles?
Yes!! That is the way both Samba AD and MS AD work.
>
> Is it OK for the new DC to use 4.5 if the existing DC uses 4.1?
You should upgrade. Many things have changed and improved. 4.1 is no
longer supported (It went EOL 2016-03-22) and 4.5 is in maintenance mode. See
https://wiki.samba.org/index.php/Samba_Release_Planning for more details.
IMO this is especially important for a Samba AD DC. There are lots of traps
and pitfalls. Running old obsolete versions of Samba just makes that harder.

See https://wiki.samba.org/index.php/Updating_Samba for upgrading info.

Read the list archives to get a feel for the potential problems.
> What's missing? Are there any other things to consider?
Most likely yes but only you know your setup.

Regards,

-- 
Tom			me at tdiehl.org