Windows based DC with UCS/Samba4

samba-ad
ad-takeover

#1

Hi,

in Windows Server 2016 and UCS it was mentioned that it is not supported to have a Windows based DC joined to an UCS domain.
According to https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/2008_R2_DC_to_a_Samba_AD it would be possible to join the mentioned versions to S4. 2012 and 2012 R2 is mentioned in another document (https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012/_2012_R2_DC_to_a_Samba_AD , currently NOT working).

Is the “unsupported” statement mentioned above mentioned as meant for all Windows versions or is this just valid for the Windows version mentioned in this thread (2016).

Background: We are currently looking for methods to migrate a domain with multiple sites from AD to UCS. The idea of the customer was just to replace the Windows based DC in the central site (using AD-Takeover) and retain the existing DC on the other sites. According to http://docs.software-univention.de/handbuch-4.2.html#windows:adtakeover:finalsteps “…all the host accounts of the other domain controllers must be removed …” which leaves the open question if also remote sites would have to be equipped with UCS-based DCs at the same time or if its possible to re-join the Windows-based DC.

Thanks for reading,
Dirk


#2

AFAIK the reason is this:

Samba currently does not support the DFS-R protocol required for Sysvol replication. Please manually synchronise the content between domain controllers (DC) or use a workaround such as Robocopy-based Sysvol Replication.


#3

A solution like this is possible https://www.tecmint.com/samba4-ad-dc-sysvol-replication/
??


#4

I’d say that this appears to be a howto for implementing the needed workaround quoted by @SirTux
Thanks for the pointer.

So my interpretation would be that “unsupported” is meant to be in relation to the UCS-stack itself and the supportabilty (by Univention Support) for solutions provided by other resources like Tecmint or the Samba-Wiki.