How to do a take over of another UCS AD DC?

ahernandez · October 9, 2017, 2:05am

Hello, I did a successfully take over of a Windows Server 2003 R2 AD DC with UCS 4.2.

I have a UCS 4.2 server working properly as:

DNS Server
AD DC

But I created a new instance of UCS 4.2 and want to transfer all users/groups from the previous UCS 4.2 server to this new server instance.

I tried the same process I did to take over the Windows Server 2003 R2 AD DC but when click Next on the Windows domain authentication step, I get the error: The selected Active Directory server has the same NTDS GUID as this UCS server.. I don’t find information about this on Google.

Here you have an screenshot:

do I need to change the value of: NTDS GUID in order to go ahead?, if so, how do I do it?

Summarizing my question: How do I take over another UCS AD DC?. I think this should be easier thank take over of a Windows Server 2003 R2 system since it is the same system.

Thanks.

externa1 · October 9, 2017, 4:37am

Hi,

AFAIK this is not possible that way, but instead you schould add a UCS Domain Backup Server and then do a Backup to Master conversion.

http://docs.software-univention.de/manual-4.2.html#domain:backup2master

rg
Christian

ahernandez · October 11, 2017, 3:08pm

that other way will have the same effect?
I mean, will:
X -> M -> N -> Y
be equivalent to:
X -> P -> Y?

Thanks.

Moritz_Bunkus · October 13, 2017, 8:37am

Why do you want to transfer users & groups in the first place? What’s your use-case for the second (new) server?

ahernandez · October 15, 2017, 10:40pm

because I did modifications on the Linux installation (not Univention related) and I want to do a fresh Linux install but using the users and groups I have on my current Linux server.

What about if this machine get broken?. Then I will lost the users and groups I have there?. Is not possible to create a backup just in case, like in any other application?

Thanks!

Moritz_Bunkus · October 16, 2017, 7:19am

Hey,

In that situation the way @externa1 has talked about is the one to go:

Set up a UCS DC Backup
Join the DC Backup into the domain
Shut down the old DC Master
Promote the DC Backup to be the new DC Master

That way all domain-related settings including but not limited to users & groups will be preserved, but you’ll have your pristine installation.

That’s just what the DC Backup server role is for: to serve as a safety net in case of catastrophic failure of your DC Master. In that case it can be converted into a new DC Master (a non-reversible action, BTW), and your domain’s safe.

Of course there is a plethora of ways to do normal backups of UCS machines including DC Masters, and having a DC Backup does not absolve you of the responsibility of creating regular, complete backups (similar to how RAID doesn’t replace backups either).

Kind regards,
mosu

ahernandez · October 16, 2017, 3:55pm

Thank you very much @Moritz_Bunkus and @externa1.

@Moritz_Bunkus: Of course there is a plethora of ways to do normal backups of UCS machines including DC Masters, and having a DC Backup does not absolve you of the responsibility of creating regular, complete backups (similar to how RAID doesn’t replace backups either).

One other question, do you know how to do that DC backup into a file?, some kind of export so later on I can do a import?

Thanks!

Moritz_Bunkus · October 17, 2017, 7:11am

Hey,

there’s no data export that you can then import into a newly set up DC Master. What you can do is do full machine backups, e.g. with rsync or tar.

Kind regards,
mosu