> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Gregory Sloop via samba
> Sent: Tuesday 28 September 2021 0:22
> To: samba at lists.samba.org
> Subject: [Samba] Upgrade
>
>
> Ok, to start - I PROMISE not to even *THINK* of sssd.
> (Oh, dang...I already did. Oops.)
> <I kid, I kid...>
>
> Ok, more seriously.
> Louis, Rowland, et al.
>
> I've got a couple of AD controllers which have hummed along
> just fine, not doing a lot of anything the last year or two.
> We're probably going to use them more, going forward, and I
> should probably move off of Ubuntu 18LTS to 20.
>
> Upgrading the AD itself (apt-get disto-upgrade or whatever it
> is) to 20 seems to have caused quite a few people issues, so
> I think the consensus was that simply building a new AD
> controller/member and adding it was the "safest" & "best"
> route. And, since these are all VM machines anyway, that
> route works fine for me.
Quite possible, and it is always good to do a clean install every now and then,
but upgrading should not be a problem; my servers are now buster and bullseye,
and I have upgraded them since wheezy.
>
> However, the only messy thing is that these AD's were named,
> AD1 and AD2. Now if I build another pair, we'll have AD3 and AD4.
> In another few years, we'll be AD37 and AD38 or something. :)
> Ok, I exaggerate a bit.
That is fine, Gregory, let's look at this..
AD1.some.domain.tld, now, this is the "real" computer name. But your
AD-DC also runs DNS, NTP, maybe DHCP.
So CNAME NTP1 => AD1
DNS1 => AD1
Etc. etc.
Set up everything with hostnames so that you use these aliases.
CNAMEs are key, plus A and PTR records for these servers.
>
> But is there a nice way to keep the naming more simple? Or do
> I just learn to name them by year or something - so these
> will be AD2021-1 and AD2021-2? (That's so ugly.)
> Suggestions?
Have a read here. And yes, I really, really advise everyone to read this one.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/naming-conventions-for-computer-domain-site-ou
The best tip I can give is to use aliases where you can; everything I publish to the
PCs is ALIASES (CNAMEs).
By doing that, I can very simply move my data from server to server (while
everyone is working)..
And when I'm done moving stuff, I just change the alias and point it to the new
server when people aren't working.
My hostnames are based on a few simple things.. For example:
AD-DCs:  Location-hostnameNR       NY-AD1.ADDOM.DOMAIN.TLD
Members: Location-MEM-FUNCTION-NR  NY-MEM-PROXY1.ADDOM.DOMAIN.TLD, also alias
for GW1 (gateway1).
A bit like that.
The only thing you have to look out for is to make sure the correct UPN/SPNs are
set where needed.
Most stuff WILL work correctly with only the default keytab file after a domain
join.
I hope it helped you a bit.
Greetz,
Louis
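
An added example, not part of the original mail or of Samba: a small offline audit of the alias scheme described above. It checks that every CNAME ends at a host with an A record, that A records have a matching PTR, and that aliases used for Kerberos logins have an SPN. All record data, the `files` alias, the IP addresses and the `KERBEROS_ALIASES` mapping are constructed assumptions.

```python
# Constructed sample data modelled on the naming scheme in the reply above.
FORWARD = {  # name -> (record type, data); all values are made up
    "ny-ad1.addom.domain.tld": ("A", "10.0.0.11"),
    "ny-ad2.addom.domain.tld": ("A", "10.0.0.12"),
    "ny-mem-proxy1.addom.domain.tld": ("A", "10.0.0.21"),
    "ntp1.addom.domain.tld": ("CNAME", "ny-ad1.addom.domain.tld"),
    "dns1.addom.domain.tld": ("CNAME", "ny-ad1.addom.domain.tld"),
    "gw1.addom.domain.tld": ("CNAME", "ny-mem-proxy1.addom.domain.tld"),
    "files.addom.domain.tld": ("CNAME", "ny-mem-fs1.addom.domain.tld"),  # dangling
}
# Reverse zone: IP -> PTR target. ny-ad2 has no PTR on purpose.
REVERSE = {"10.0.0.11": "ny-ad1.addom.domain.tld",
           "10.0.0.21": "ny-mem-proxy1.addom.domain.tld"}
# SPNs registered per host account (constructed).
SPNS = {"ny-mem-proxy1.addom.domain.tld": {"HTTP/ny-mem-proxy1.addom.domain.tld"}}
# Assumption: clients of these aliases request Kerberos tickets for the alias name.
KERBEROS_ALIASES = {"gw1.addom.domain.tld": "HTTP"}

def resolve(name, forward, max_hops=8):
    """Follow CNAMEs to an A record; return (host, ip) or (None, None)."""
    for _ in range(max_hops):
        rec = forward.get(name.lower())
        if rec is None:
            return None, None
        rtype, data = rec
        if rtype == "A":
            return name.lower(), data
        name = data
    return None, None  # CNAME loop or chain too long

def audit(forward, reverse, spns, kerberos_aliases):
    findings = []
    for name, (rtype, data) in sorted(forward.items()):
        if rtype == "A" and reverse.get(data) != name:
            findings.append((name, "missing-or-mismatched-PTR"))
        if rtype != "CNAME":
            continue
        host, _ip = resolve(name, forward)
        if host is None:
            findings.append((name, "dangling-CNAME"))
            continue
        svc = kerberos_aliases.get(name)
        if svc and f"{svc}/{name}" not in spns.get(host, set()):
            findings.append((name, f"no-SPN {svc}/{name} on {host}"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(FORWARD, REVERSE, SPNS, KERBEROS_ALIASES):
        print(f"{name}: {problem}")
```

Run it again after each alias is repointed to a new server: a CNAME left pointing at a decommissioned name, or an alias whose SPN was not added on the new host, shows up as a finding.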