possible Pitfall of Samba 4 AD Deployments

Once a new Active Directory Domain has been provisioned using Samba 4, it seems at least difficult to change the IP address of its Domain Controller. Samba 4 in AD DC mode does not automatically change its own address. Looking at the DNS data using Apache Directory Studio, I found the Resource Records to be encoded binary. Although still readable, Apache DS didn’t easily let me change them (one could do it, but it’s cumbersome).

I haven’t yet profoundly studied samba-tool, so there might in theory be a way to solve this kind of situation. For now, I have given up that testing domain, as in the meanwhile it had suffered from some challenges anyway, and nothing really depends on it. Provisioned again, joined a client, and I can continue my research on a new setup. Easy.

Conclusion: The question what to do when migrating your address scheme, say from using a CLASS-C net below to something bigger below, seems quite important. Apart from the mere possibility to switch over with an S4 DC at all, it’s sensitivity for address scheme changes makes such migrations a lot more challenging. Might be good advise to migrate address wise first, if needed, before switching to production with an S4 DC.

Leave a Reply

Your email address will not be published. Required fields are marked *