On Sun, 10 Feb 2019 at 17:42, Rowland Penny via samba <samba at lists.samba.org> wrote:> > > The problem is that a Samba AD DC is constantly in flux, that is, it > changes constantly, if your 'snapshot' can guarantee it is correct, > then I see no problem, but you would only really know when you tried > to restore it. > > >With regards to information between 2 backups being lost, how > > is that different with other backup strategies, for example using > > samba-tool online backup? > > That is the problem with any AD DC backup method, the backups can > quickly become out of date. > > > You keep saying that but I can't quite wrap my head around it. How exactlyis the DC constantly in flux? Say I set up my small AD, one DC, 10 users, 10 computers, internal DNS and some GPOs and I'm not touching any of that anymore after the initial setup. Yes, users create their files, set permissions etc but that's all done on the filesystem of the member server and not in the AD itself, right? So what will have changed a week later on the DC? Viktor
On Sun, 10 Feb 2019 19:33:17 +0100 Viktor Trojanovic <viktor at troja.ch> wrote:> On Sun, 10 Feb 2019 at 17:42, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > > > > > > The problem is that a Samba AD DC is constantly in flux, that is, it > > changes constantly, if your 'snapshot' can guarantee it is correct, > > then I see no problem, but you would only really know when you tried > > to restore it. > > > > >With regards to information between 2 backups being lost, how > > > is that different with other backup strategies, for example using > > > samba-tool online backup? > > > > That is the problem with any AD DC backup method, the backups can > > quickly become out of date. > > > > > > You keep saying that but I can't quite wrap my head around it. How > > exactly > is the DC constantly in flux? Say I set up my small AD, one DC, 10 > users, 10 computers, internal DNS and some GPOs and I'm not touching > any of that anymore after the initial setup. Yes, users create their > files, set permissions etc but that's all done on the filesystem of > the member server and not in the AD itself, right? So what will have > changed a week later on the DC? > > ViktorIf all you have is 10 users, then your changes are going to be small, but there will be changes, machine passwords could change for instance. If a computers password changes 5 minutes after you back up the domain and then a week later you restore from your backup, the machine will not be able to connect to the domain, the domain will expect the old password and the machine will be sending the new one. Rowland
On Sun, 10 Feb 2019 at 19:52, Rowland Penny via samba <samba at lists.samba.org> wrote:> On Sun, 10 Feb 2019 19:33:17 +0100 > Viktor Trojanovic <viktor at troja.ch> wrote: > > > On Sun, 10 Feb 2019 at 17:42, Rowland Penny via samba > > <samba at lists.samba.org> wrote: > > > > > > > > > > > The problem is that a Samba AD DC is constantly in flux, that is, it > > > changes constantly, if your 'snapshot' can guarantee it is correct, > > > then I see no problem, but you would only really know when you tried > > > to restore it. > > > > > > >With regards to information between 2 backups being lost, how > > > > is that different with other backup strategies, for example using > > > > samba-tool online backup? > > > > > > That is the problem with any AD DC backup method, the backups can > > > quickly become out of date. > > > > > > > > > You keep saying that but I can't quite wrap my head around it. How > > > exactly > > is the DC constantly in flux? Say I set up my small AD, one DC, 10 > > users, 10 computers, internal DNS and some GPOs and I'm not touching > > any of that anymore after the initial setup. Yes, users create their > > files, set permissions etc but that's all done on the filesystem of > > the member server and not in the AD itself, right? So what will have > > changed a week later on the DC? > > > > Viktor > > If all you have is 10 users, then your changes are going to be small, > but there will be changes, machine passwords could change for instance. > If a computers password changes 5 minutes after you back up the domain > and then a week later you restore from your backup, the machine will > not be able to connect to the domain, the domain will expect the old > password and the machine will be sending the new one. > >Ok, that's a valid point but the computer pw is usually initiated every 30 days. Which brings me back to my question, if I set everything up on day x, meaning that user passwords don't expire for another 45 days and computer passwords remain valid for another 30 days, make a backup on that same day, and restore the AD a week later without any intermediate backups, what will I have lost? Sorry to belabor the point, I'll keep doing daily backups in any case, I'm just trying to figure out what I'm missing. :) Viktor