Renaming a UCS domain

Yes it’s been asked before… and yes it is incredibly messy…
since we cannot rename a UCS/Samba LDAP setup easily…

would it be workable to take a renamed backup of the existing samba portion of an existing UCS AD setup
do the rename into a secondary “new” domain.
as per:
https://wiki.samba.org/index.php/Domain_rename_tool

finally bind a new UCS “takeover” mode against the renamed Samba AD
to end up with a “renamed” UCS instance, finally take all old systems offline and change the new system to the IP address of the old UCS instance.

I have a company merge to test… and no we cannot just re-enter the users, there are millions of files & NAS that rely on the existing user/group IDs
simply re-entering the users & groups changes the ID & disconnects any associations.


OK… this works…

Next question:

  1. is it better to join a UCS domain to this new renamed domain then run a “takeover”
    OR
  2. set up a UCS server & then just IMPORT the samba records back into the samba folder structure

So the thing that has always kept me away from renaming my domain, or even looking down this road, is having to rejoin all my machines to the new domain. I have a nearly all windows environment. I would like to rename my domain, since I took over a domain named after a long defunct company. But I really don’t want to have to do all that work just for naming convention’s sake.

Have you had any run-ins with re-joining windows clients? I might set up a test environment to try what you’re describing.

The migration required significant analysis…

because there is basically no clear documentation and a lot of hearsay…
it is something you only do because it is more work to have to re-enter the details.

also the safest way is to bring up the other domain as a separate entity on the same NW.

don’t dream you can just take a domain and change the name then just re-add some clients…
and certainly not on UCS… samba yes… windows 2008 SP2 with MS tools… yes.

The best way for UCS would be a basic re-write of the scripts for doing an “AD take-over” extended for a re-name,
I would say that would be a doable project…
because they are basically taking an AD server leveraging it into samba then extending with UCS.

It just needs a little bit of script diddling, to get the secret source & target a couple of fields in the LDAP records.
but you would still need to manually migrate the GPO using buggy MS tools.

I’m about to attempt the UCS bind & AD takeover to the new samba renamed domain that’s working…
but since this is established methodology… I don’t see any problems.

Just an add on here, to say it is possible, but there are some other separate issues.
my statement about UCS Takeover of SAMBA was incorrect, it breaks in interesting ways…

  1. Samba rename
    Which is cleaner to set up, even though it is functional, it cannot be integrated with UCS
  2. It cannot be cleanly “taken over” by a UCS installation.
    This requires a little extra work and a couple of specialist scripts.
    one for users & one for computers.

It also requires some work on the GPO links stored in the LDAP (NOT related to the SYSVOL)
Both on the SAMBA & UCS migrated rename, they will break the MS system tools with endless loops.

There is a bug going to be filed with SAMBA team, to get the issues with the MS tools sorted out, since this is easily doable.
