Once a new Active Directory Domain has been provisioned using Samba 4, it seems at least difficult to change the IP address of its Domain Controller. Samba 4 in AD DC mode does not automatically change its own address. Looking at the DNS data using Apache Directory Studio, I found the Resource Records to be encoded binary. Although still readable, Apache DS didn’t easily let me change them (one could do it, but it’s cumbersome).
I haven’t yet profoundly studied samba-tool, so there might in theory be a way to solve this kind of situation. For now, I have given up that testing domain, as in the meanwhile it had suffered from some challenges anyway, and nothing really depends on it. Provisioned again, joined a client, and I can continue my research on a new setup. Easy.
Conclusion: The question what to do when migrating your address scheme, say from using a CLASS-C net below 192.168.0.0/16 to something bigger below 10.0.0.0/8, seems quite important. Apart from the mere possibility to switch over with an S4 DC at all, it’s sensitivity for address scheme changes makes such migrations a lot more challenging. Might be good advise to migrate address wise first, if needed, before switching to production with an S4 DC.