samba - Sep 2023 - Renaming a domain

Hi there,

I'm on Samba (on a testing environment) since 2 months and it's quite
good so far. I've connected few services to the DC (our printer system, NAS,
etc?) and it's ready to be in production with all the GPOs I created.

But... I made a mistake with the domain name. I used a subdomain
(tech.example.com) I thought I wouldn't need outside of the company and
other services are using this subdomain and it's sub subdomains
(nas1.tech.example.com, vpn1.tech?)? Samba DNS is accessible from outside the
network, and as it's not a great idea, I decided I need to rename the domain
(to ad.example.com).

First of all I read this article:
https://wiki.samba.org/index.php/Domain_rename_tool, which is pretty
straightforward but I'm stuck at few details:

1- I want to rename the domain, not the netbios name (currently EXAMPLECOM), and
samba doesn't allow using the same netbios. Is it a safe to rename it twice?
First I rename to ad1.example.com/EXAMPLE1, restore it to a standalone VM, then
rename it again to the final domain name/netbios I would like:
ad.example.com/EXAMPLECOM . THEN restore again in VM and join it to old DC and
finally demote old DC ?

2- If I understand correctly the doc, I won't have any issues with my
userPrincipalName, as they all use additional @domain names and not the DC
domain. Right ?

3- To handle GPOs, I need to export all of them from old domain, and reimport
all of them to new domain. Do I need to change anything inside them? I'm
using shares on nas1.tech.example.com and they will still be used as they are.
Right ?

Anything else to pay attention to ?

Thanks for your guidance.
-- 
Regards, Adnan RIHAN

GPG: D433-5C63 (https://keybase.io/max13/key.asc)
? If you are not using GPG/PGP but want to send me an encrypted e-mail:
https://encrypt.to/0xD4335C63.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20230924/651f815e/OpenPGP_signature.sig>

On Sun, 24 Sep 2023 22:11:56 +0200
Adnan RIHAN via samba <samba at lists.samba.org> wrote:
> Hi there,
> 
> I'm on Samba (on a testing environment) since 2 months and it's
quite
> good so far. I've connected few services to the DC (our printer
> system, NAS, etc?) and it's ready to be in production with all the
> GPOs I created.
> 
> But... I made a mistake with the domain name. I used a subdomain
> (tech.example.com) I thought I wouldn't need outside of the company
> and other services are using this subdomain and it's sub subdomains
> (nas1.tech.example.com, vpn1.tech?)? Samba DNS is accessible from
> outside the network, and as it's not a great idea, I decided I need
> to rename the domain (to ad.example.com).
> 
> First of all I read this article:
> https://wiki.samba.org/index.php/Domain_rename_tool, which is pretty
> straightforward but I'm stuck at few details:
Yes it is pretty straightforward and it straightforwardly says at the
top (in a warning box) 'Although Samba has a domain rename tool, it
currently does not support renaming a production domain for long-term
use.'

Sorry, but it probably will be better to start again with a new domain.

Rowland