Difference between revisions of "Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD"

(Turned important admonition into a note.)
m (Fixed link)
 
(3 intermediate revisions by the same user not shown)
Line 118: Line 118:
 
= The Sysvol Share =
 
= The Sysvol Share =
  
During the join, Windows tries to replicate the Sysvol directory content from an existing domain controller (DC). Samba currently does not support the DFS-R protocol. For this reason, the new DC may not show a <code>Sysvol</code> share. To enable the share:
+
== Enabling the Sysvol Share ==
  
* Save the following content to a plain text file named <code>Win-Create-Sysvol-Share.reg</code> using a text editor such as "Notepad" or "Editor" (not Word/Wordpad/OpenOffice/LibreOffice/etc.):
+
If you used a Samba domain controller (DC) as replication partner, the <code>Sysvol</code> share is not enabled. For details how to verify and enable the share, see [[Enabling the Sysvol Share on a Windows DC]].
  
Windows Registry Editor Version 5.00
 
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
 
 
"SysvolReady"=dword:00000001
 
  
* Log in using an account that is member of the local <code>Administrators</code> group.
 
  
* Double-click the file to import it to the Windows registry.
+
== Sysvol Replication ==
 
 
* Reboot to take the changes effect.
 
 
 
 
 
 
 
== Sysvol replication ==
 
  
 
Samba currently does not support the DFS-R protocol required for Sysvol replication. Please manually synchronise the content between domain controllers (DC) or use a workaround such as [[Robocopy_based_SysVol_replication_workaround|Robocopy-based Sysvol Replication]].
 
Samba currently does not support the DFS-R protocol required for Sysvol replication. Please manually synchronise the content between domain controllers (DC) or use a workaround such as [[Robocopy_based_SysVol_replication_workaround|Robocopy-based Sysvol Replication]].

Latest revision as of 14:07, 18 May 2017

Introduction

You can join Windows Server 2008 and 2008 R2 as an domain controller (DC) to a Samba Active Directory (AD).

If you want to join a computer running a Windows Server operating system as a domain member, see Joining a Windows Client or Server to a Domain.



Network Configuration

  • Click the Start button, search for View network connections, and open the search entry.
  • Right-click to your network adapter and select Properties.
  • Configure the IP settings:
  • Assign a static IP address, enter the subnet mask, and default gateway.
  • Enter the IP of a DNS server that is able to resolve the Active Directory (AD) DNS zone.
  • Click OK to save the settings.



Date and Time Settings

Active Directory uses Kerberos for authentication. Kerberos requires that the domain member and the domain controllers (DC) are having a synchronous time. If the difference exceeds 5 minutes (default), the client is not able to access domain resources for security reasons.

Before you join the domain, check the time configuration:

  • Open the Control Panel.
  • Navigrate to Clock, Language and Region.
  • Click Date and Time.
  • Verify the date, time, and time zone settings. Adjust the settings, if necessary.
  • Click OK to save the changes.



Joining the Windows Server to the Domain

  • Select Start / Run, enter dcpromo.exe and click OK.
  • Windows Server automatically installs missing features, if necessary:
Join Win2008R2 dcpromo install.png
  • Check Use advanced mode installation to display additional options in later steps. Click OK.
  • Read the Operating System Compatibility information and click Next.
  • Select Existing forest / Add a domain controller to an existing domain, and click Next.
  • Enter the Samba Active Directory (AD) domain name and credentials that are enabled to join a domain controller (DC) to the domain, such as the domain administrator account. Click Next.
  • Select the domain to join and click Next.
  • If AD sites are configured, select the site to join. Otherwise continue using the Default-First-Site-Name site. Click Next.
  • Select the options to enable on the new DC and click Next.
Join Win2008R2 DC Options.png
  • If you enabled the DNS server option in the previous step, you may see a note, that a delegation for this DNS server cannot be created. Click Yes to continue.
Join Win2008R2 DNS Delegation Failed.png
  • Select Replicate data over the network from an existing domain controller and click Next.
  • Select a DC as source for the initial directory replication or let the installation wizard choose an appropriate DC. Click Next.
  • Set the folders for the AD database, log files and the Sysvol folder. Click Next.
  • Set a Directory Service Restore Mode Administrator Password (DSRM). It is required to boot the Windows DC in safe-mode to restore or repair the AD. Click Next.
  • Verify your settings and click Next to start the DC promotion.
  • The wizard starts the installation, replicates the directory, and so on.
Join Win2008R2 Join Process.png
  • After the wizard completed click Finish.
  • Restart the computer.

The Windows server now acts as an AD DC.



Verifying Directory Replication

See Displaying the Replication Statuses on a Windows DC.



The Sysvol Share

Enabling the Sysvol Share

If you used a Samba domain controller (DC) as replication partner, the Sysvol share is not enabled. For details how to verify and enable the share, see Enabling the Sysvol Share on a Windows DC.


Sysvol Replication

Samba currently does not support the DFS-R protocol required for Sysvol replication. Please manually synchronise the content between domain controllers (DC) or use a workaround such as Robocopy-based Sysvol Replication.