Hi, let me step in here. Child domains as in Active Directory child domains (and not as in DNS subdomains or as in mail domains) are a concept in Microsoft's Active Directory Domain Services. I assume you are referring to this?
For Active Directory child domains, you need Active Directory Forests and Trusts (the child AD domain and the parent AD domain need to trust each other). Although it should be technically possible to set up an Active Directory trust relationship between two Samba Active Directory Domains that are both run by UCS, it is currently not supported in UCS. You can read about the current state of Samba/AD to Windows/AD trusts in this blog post (long story short: some things don’t work yet and you probably don’t want to run it in production):
However, most probably you don’t need a child domain but only an additional Active Directory Site (another Active Directory concept). To be more precise: technically you don’t need a child domain, because UCS solves branch offices in another way. There are only organizational reasons that might prevent this. The things you will have to live with are: the branch site will have the same domain name as the headquarter site and you can’t do security filtering across domains/sites.
As a rough outline, here is what I would do:
- Set up a UCS Backup or Slave
  - at the branch office
  - in a separate subnet
- join it against the UCS Master in the headquarter office (=same AD domain)
- set the UCR variable samba4/join/site to the Active Directory Site name you want (e.g. “branchoffice”)
- Install the App “Active Directory compatible Domain controller”
- Check the Active Directory Sites settings with the corresponding Tool provided by RSAT (and perform any corrections that might be necessary). Have a look at this Microsoft article for details.
- You can then still use a DNS subdomain and a Mail subdomain to differentiate between the two Sites if you need that
I also recommend reading these two blog articles to understand how replication works in UCS: