Mixed domain controllers: Windows and UCS

samba-ad
windows

#1

Hello,
I am reading documentation and doing some experiments but it seems to me that it is not possible to have a Windows PDC and a UCS backup or slave domain controller.
Is it true?
Thanks in advance,
Mario


#2

Hey,

it’s correct that mixing Windows-based AD DCs and UCS-(Samba4-)-based AD DCs is not supported.

Kind regards,
mosu


#3

Thanks for reply.
Have you perhaps a technical explanation of why is not possible?


#4

AFAIK support for the sysvol replication protocol is still missing in Samba 4:
https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround

And you’ll always need an UCS DC Master. UCS roles are different from AD roles.


#5

Hey,

yes, the missing sysvol replication is the big hurdle. Samba simply doesn’t support it at the moment, mostly due to the nature of Linux user & group IDs being assigned dynamically and therefore differently on each Samba AD DC in the general case. While this is not the case on Univention where the DC Master assigns those and manages them identically across all UCS servers, Samba simply still doesn’t do sysvol replication.

Univention does have an rsync-based replication mechanism in place, but that only synchronizes across all UCS/Samba DCs. That doesn’t solve the much bigger issue of syncing the sysvol between Windows and Samba DCs.

Kind regards,
mosu