AD Takeover pre-implementation questions


#1

Hello, what an excellent piece of software… After a week of solid testing, I am almost ready to give Zentyal the boot from my network due to the lack of support on and care for any concerns users have for features and requests…

That being said, I have used the AD takeover in a lab scenario from a minimally configured Zentyal server. I have tested as much as I can and would like to try my next step in testing.

If I were to perform a takeover from my production server, for further testing, am I able to shut down the UCS server and boot my Zentyal server as a roll-back to restore the domain to original configuration? Or does the takeover make permanent changes that would prevent this? In my mind all I should need to do is remove the additional domain controller (UCS) from the Zentyal system… It does not appear to demote the Zentyal server (or is unable to do so).

Thank you!


UCS domain takeover of Samba4 server AD Domain
#2

You’re right. If something goes wrong, you can simply shut down UCS and start Zentyal again (in a certain time frame).

Correct. Also look for DNS records. A UCS master usually creates a SRV record _domaincontroller_master._tcp.
You should remove those to prevent any problems if you do the takeover a second time.

Again correct :slight_smile:
The “old” AD domain controller (Zentyal in your case, Microsoft in most other cases) is not demoted, you just simply shut it down. In the very last step of the takeover, UCS grabs all FSMO roles, adds a DNS alias with the name of the old AD domain controller that points to the UCS, adds the IP address of the old AD domain controller as a virtual IP and removes the old AD domain controller from the samba database.
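
An added example, not part of the original posts: a small check for the leftover `_domaincontroller_master._tcp` SRV record mentioned above, run over the answer section of a `dig` query after a rollback. The domain `example.test`, the host names and the sample output are constructed, and the standard `name TTL class SRV priority weight port target` line layout is assumed.

```python
# Added example: find leftover UCS master SRV records in dig answer-section text.
MASTER_LABEL = "_domaincontroller_master._tcp"


def find_master_srv(dig_answer: str, domain: str):
    """Return [(target, port, ttl)] for SRV records owned by
    _domaincontroller_master._tcp.<domain>. Other SRV records are ignored."""
    owner = f"{MASTER_LABEL}.{domain}".rstrip(".").lower()
    hits = []
    for line in dig_answer.splitlines():
        # Drop dig comments (everything after ';') and blank lines.
        fields = line.split(";", 1)[0].split()
        # Expected layout: name TTL class SRV priority weight port target
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue
        # DNS names are case-insensitive; the trailing dot is optional here.
        if fields[0].rstrip(".").lower() != owner:
            continue
        target = fields[7].rstrip(".").lower()
        hits.append((target, int(fields[6]), int(fields[1])))
    return hits


# Constructed sample of `dig +noall +answer` style lines (not real output).
SAMPLE = """\
; constructed sample
_ldap._tcp.example.test. 900 IN SRV 0 100 389 zentyal.example.test.
_domaincontroller_master._tcp.example.test. 10800 IN SRV 0 0 0 ucs-master.example.test.
_kerberos._tcp.example.test. 900 IN SRV 0 100 88 zentyal.example.test.
"""

if __name__ == "__main__":
    leftovers = find_master_srv(SAMPLE, "example.test")
    if not leftovers:
        print("no _domaincontroller_master._tcp record found")
    for target, port, ttl in leftovers:
        print(f"leftover master SRV -> {target}:{port} (ttl {ttl}); "
              "remove before repeating the takeover")
```

An empty result after the rollback means the zone no longer carries a UCS master record from the earlier attempt.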