DC Demotion Question
-
@tiagom said in DC Demotion Question:
@scottalanmiller There's the disconnect.
Yup hitting AD directly.
I see, interesting. I haven't been in that scenario. Is that the only way to do it, or just the most common?
Definitely not the only way, but I think it is more common. Many systems, like Linux boxes, talk to LDAP natively and it works really smoothly.
-
Cool, the services that I deal with all (luckily) talk to LDAP natively.
-
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Why isn't there an open source product that can replicate AD? That would solve all our problems!
There is. Samba4 functions as AD completely. LDAP will replicate it, like FreeIPA.
Could one of those provide redundancy for AD in a 1 server scenario?
Save some licensing costs?
Samba4 can, but doesn't do the LDAP portion that he needs.
In my scenario, thinking about going down to one AD ... could Samba work here for redundancy if the AD server goes down while I am away?
-
@BRRABill said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Why isn't there an open source product that can replicate AD? That would solve all our problems!
There is. Samba4 functions as AD completely. LDAP will replicate it, like FreeIPA.
Could one of those provide redundancy for AD in a 1 server scenario?
Save some licensing costs?
Samba4 can, but doesn't do the LDAP portion that he needs.
In my scenario, thinking about going down to one AD ... could Samba work here for redundancy if the AD server goes down while I am away?
In theory, and maybe someone will show me the exception, you should never have Samba4 mixed in with Windows AD DCs, it makes no sense. If you are okay with the limitations and management of Samba4 then you would use it across the board. If you are unwilling to accept those limitations then you would have Windows AD DCs across the board. You'd never mix and match as you take all of the limitations of Samba if you use any Samba, and you take on the cost of Windows if you use any Windows. So it is always all one or all the other even though you could mix them.
-
@BRRABill said in DC Demotion Question:
In my scenario, thinking about going down to one AD ... could Samba work here for redundancy if the AD server goes down while I am away?
So in your example you would do either....
- Replace Windows with Samba4 and stop paying for Windows entirely or...
- Put in two Samba4 servers for redundancy for free.
-
Well there needs to be an open source AD replication product.
Where's my EASY BUTTON.
-
@BRRABill said in DC Demotion Question:
Well there needs to be an open source AD replication product.
Where's my EASY BUTTON.
There is... Samba4. It just doesn't make any sense to only use it once. If you are willing to have it at all, why would you even consider keeping Windows?
-
@scottalanmiller said
There is... Samba4. It just doesn't make any sense to only use it once. If you are willing to have it at all, why would you even consider keeping Windows?
Would I have all the same users and security and stuff as I currently do?
Need to keep Windows servers for the immediate time being.
-
@BRRABill said in DC Demotion Question:
Would I have all the same users and security and stuff as I currently do?
It's a 100% replacement. No lost features.
-
@BRRABill said in DC Demotion Question:
Need to keep Windows servers for the immediate time being.
Why?
-
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Would I have all the same users and security and stuff as I currently do?
It's a 100% replacement. No lost features.
Really. Interesting.
So I could just replace my AD with Samba4?
Is there some sort of migration tool?
-
@BRRABill said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Would I have all the same users and security and stuff as I currently do?
It's a 100% replacement. No lost features.
Really. Interesting.
So I could just replace my AD with Samba4?
Yes! As long as you've not moved your forest past 2008R2.
-
@BRRABill said in DC Demotion Question:
Is there some sort of migration tool?
There is no migration. You just add Samba to the domain and remove Windows. You are not migrating to or from anything.
-
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Would I have all the same users and security and stuff as I currently do?
It's a 100% replacement. No lost features.
Really. Interesting.
So I could just replace my AD with Samba4?
Yes! As long as you've not moved your forest past 2008R2.
Does being on 2003 count?
-
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Is there some sort of migration tool?
There is no migration. You just add Samba to the domain and remove Windows. You are not migrating to or from anything.
What? That can't be possible.
-
@BRRABill said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Is there some sort of migration tool?
There is no migration. You just add Samba to the domain and remove Windows. You are not migrating to or from anything.
What? That can't be possible.
Seriously, it's a full AD server, it's not an alternative, it's a drop-in replacement of AD 2008R2.
-
@BRRABill said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Would I have all the same users and security and stuff as I currently do?
It's a 100% replacement. No lost features.
Really. Interesting.
So I could just replace my AD with Samba4?
Yes! As long as you've not moved your forest past 2008R2.
Does being on 2003 count?
Yup, Samba4 would be a three step upgrade in base AD functionality level for you.
-
If things are already that out of date, go with Samba. Skip the Windows updates. Great chance to save money over the long term now that no one is used to having modern Windows options available.
-
As far as I can tell, you can use the Windows RSAT stuff to manage the SAMBA4 domain controllers, GPOs should work... Dang.. I need to spin one up now, lol.
-
Just throwing some initial thoughts out here while answering morning tickets, so my apologies if I'm misdiagnosing or forgetting something. I went through this process a few years ago, but my recollection is pretty foggy on what all was involved.
Could you set up the first Virtual as the secondary DC, change JOE's IP and drop him, set the new secondary virtual with JOE's IP so it takes over as your secondary DC? Once that's running for a few days to assure no conflicts, repeat the process with BOB?