On Wed, 06 Dec 2023 09:45:13 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:
> I have provisioned a new DC with Samba 4.18.5. This DC is intended to
> replace an older one in my AD domain.
>
> The old/current DC has a number of Group Policies set. Can I
"rsync"
> /var/lib/samba/sysvol/hprs.local/policies/ to my new
> /var/lib/samba/sysvol/hprs.locl/Policies/ per
> https://wiki.samba.org/index.php/SysVol_replication_(DFS-R), or will
> I have to manually create policies in the new DC?
If this is a replacement DC for another DC in the same AD domain, then
yes, you are expected to sync sysvol between DCs.
You do not sync the 'Policies' directory, you sync the entire sysvol
directory tree.
However, unless it is a typo, you seem to have one dns domain called
'hprs.local', whilst the other is called 'hprs.locl', these
would be
two different AD domains (the domain SIDs will be different). if it
isn't a typo and you do have two different domains, then you will to
recreate the GPOs on your new DC.
>
> If copying over the old one is OK, there are already two folders in
> /var/lib/samba/sysvol/hprs.locl/Policies/ I'll have to avoid
> clobbering:
>
> # ls
>
/var/lib/samba/sysvol/hprs.locl/Policies/\{31B2F340-016D-11D2-945F-00C04FB984F9\}/
> GPT.INI* MACHINE/ USER/
>
> # ls
>
/var/lib/samba/sysvol/hprs.locl/Policies/\{6AC1786C-016F-11D2-945F-00C04FB984F9\}/
> GPT.INI* MACHINE/ USER/
>
If it isn't a typo, then this will not matter, these policies are the
default policies and they exist on all Samba AD DCs
Rowland