Zentyal Forum, Linux Small Business Server

Zentyal Server => Directory and Authentication => Topic started by: kcurtis on December 03, 2018, 02:05:39 pm

Title: Promote additional DC to main without loosing users?
Post by: kcurtis on December 03, 2018, 02:05:39 pm
I have 3 Zentyal boxes (6.0.1, 5.1.1, 6.0.1) Our main DC crashed and I loaded a new one but it came up also as additional. When I go to change it to the main Domain Controller it says the database will be reprovisioned and all computers will need to rejoin the domain.

Is this true? Will I need to go to every workstation, remove them from the domain, rejoin them? Or is that saying I will need to just reboot them?

Also, promoting it will keep all user accounts correct?
Title: Re: Promote additional DC to main without loosing users?
Post by: BerT666 on December 04, 2018, 12:35:50 pm
Hi, I think there is no "Zentyal way" to promote a Server to the primary...

You could assign the FSMO roles to another server :-)
The sad thing is, there is (as far as I know) no sync of the SYSVOL folder...

Regards

Thomas
Title: Re: Promote additional DC to main without loosing users?
Post by: kcurtis on December 04, 2018, 01:10:37 pm
So even if I roll out another server and make it the primary it will never pull the users, passwords and computers?

No backup - restore users option?
Title: Re: Promote additional DC to main without loosing users?
Post by: basselope on December 04, 2018, 03:04:35 pm
Once you have sorted out the situation, check https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround  : the lack of SYSVOL replication is not a Zentyal issue but a basic samba limitation.

Hopefully it will be implemented at some point but that link explains how to configure it manually.
Title: Re: Promote additional DC to main without loosing users?
Post by: BerT666 on December 06, 2018, 10:37:20 am
... you can only add more DCs as aditional ones...
You wrote, you have 3 Zentyal boxes as DCs (?), so normally, the users (passwords,...) are still there.

But do not use "main DC" unless you really want to recreate the domain
Title: Re: Promote additional DC to main without loosing users?
Post by: kcurtis on December 06, 2018, 01:10:26 pm
So if we have/had 3 DC and right now all 3 are set to additional and seem to be handing out logins correctly what problems am I looking at in the future without having any set as the prime?
Title: Re: Promote additional DC to main without loosing users?
Post by: BerT666 on December 07, 2018, 09:26:07 am
I belive there would be no side effect, at least when you moved /seized the FSMO Roles between the "still living" servera...

Since you need a working SYSVOL for GPOs, I suggest that you take a look at the "samba Issue" regarding its replication. If you do not need SYSVOL, all should be fine

Regards

BerT
Title: Re: Promote additional DC to main without loosing users?
Post by: ovecka on December 09, 2018, 04:46:26 pm
There were issues for me when I transferred all FSMO roles to Zenyal's ADC, copied the sysvol directory and shut the PDC for good.
The GUI still thinks it's an ADC. That means that I am unable to activate Roaming profiles and set the home directory letter via the GUI and when I create a new user there, the profile path and home directory aren't properly mapped. Since then, I have been forced to create all new user's links through Windows' RSAT. Unfortunately, I hadn't found any solution to the problem and eventually gave up.

I forgot to mention that all the other domain functions work well, incl. user authentication, samba shares, GPOs,...
Title: Re: Promote additional DC to main without loosing users?
Post by: Neustradamus on December 09, 2018, 08:20:20 pm
Maybe we want to add it: https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)