Olivier MARTIN
2023-May-22 08:56 UTC
[Samba] Usage of '--domain-guid' parameter of 'samba-tool domain provision'
I am testing my deployment Ansible script that creates an AD DC domain environment. Every time I relaunch my script, it recreates an AD DC with the given parameters (always the same domain parameters).

On 22.05.23 10:39, Rowland Penny via samba wrote:
> On 21/05/2023 22:29, Olivier MARTIN via samba wrote:
>> As I said in my last email, my intention was to not have to
>> regenerate the domain controller certificate as explained here:
>> https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Get_the_Domain_Controller.27s_GUID_with_script
>> when I re-provisioned the same domain (in my test environment). The
>> domain controller certificate requires its GUID.
>>
>> But I mixed "Domain GUID" and "Domain Controller GUID". And I was
>> hoping by passing a known GUID to "samba-tool domain provision", I
>> will be able to re-use my domain controller certificate without
>> having to regenerate a new one every time I re-provision my domain in
>> my test environment. But what is passed to "samba-tool domain
>> provision" is the "domain GUID" - not the "domain controller GUID".
>
> I understood that, what I didn't understand and what I actually asked
> was:
>
> Why do you need to recreate your AD DC domain environment?
>
> Rowland
Rowland Penny
2023-May-22 12:53 UTC
[Samba] Usage of '--domain-guid' parameter of 'samba-tool domain provision'
On 22/05/2023 09:56, Olivier MARTIN via samba wrote:
> I am testing my deployment Ansible script that creates an AD DC domain
> environment. Every time I relaunch my script, it recreates an AD DC
> with the given parameters (always the same domain parameters)

That explains what you are trying to achieve, but not really why.

If you are trying to create an Ansible script to create a new domain, then you do not require any DC GUIDs, as the first DC in your new domain will have a new unique GUID.

If you are trying to create an Ansible script to recreate a failed domain from a backup, then this works in pretty much the same way.

You should never try to back up a DC, only the domain. If a single DC fails, replace it with a new DC. If all the DCs fail, then restore the domain from a backup; you can use 'samba-tool domain backup' to create the required backup.

Rowland