Difference between revisions of "Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD"

(Initial version of a "How to join Win 2008 as a DC to a Samba AD")
 
m (Fixed link)
 
(34 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
= Introduction =
 
= Introduction =
  
For various reasons user may find themself in a situation, to add a Windows Server 2008 / 2008 R2 as a <u>Domain Controller</u> to their Samba based Active Directory. This process differs from simply joining a Windows Server as a [[Joining_a_Windows_Client_to_a_Domain|Member Server]].
+
You can join Windows Server 2008 and 2008 R2 as an domain controller (DC) to a Samba Active Directory (AD).
  
This documentation is valid only for Microsoft Windows Server 2008 and 2008 R2!
+
If you want to join a computer running a Windows Server operating system as a domain member, see [[Joining_a_Windows_Client_or_Server_to_a_Domain|Joining a Windows Client or Server to a Domain]].
  
  
  
== Server information ==
 
  
This documentation uses the following configurations/settings:
 
  
'''Existing Samba DCs in the domain:'''
+
= Network Configuration =
Domain Controllers:            DC1 (10.99.0.1), DC2 (10.99.0.2)
 
DCs act also as a DNS server:  yes
 
 
'''Domain information:'''
 
DNS Domain Name:              samdom.example.com
 
NT4 Domain Name (NETBIOS):    SAMDOM
 
DNS Servers:                  10.99.0.1, 10.99.0.2
 
Domain Administrator:          Administrator
 
Domain Administrator Password: passw0rd
 
 
'''Windows DC additionally joined to the domain:'''
 
Hostname:                      DC3
 
IP Address:                    10.99.0.3
 
Operating System:              Microsoft Windows Server 2008 R2
 
  
 +
* Click the <code>Start</code> button, search for <code>View network connections</code>, and open the search entry.
  
 +
* Right-click to your network adapter and select <code>Properties</code>.
  
 +
* Configure the IP settings:
 +
:* Assign a static IP address, enter the subnet mask, and default gateway.
 +
:* Enter the IP of a DNS server that is able to resolve the Active Directory (AD) DNS zone.
  
 +
* Click <code>OK</code> to save the settings.
  
= Installation / Preparation =
 
  
== General ==
 
  
* Install Windows Server 2008 R2
 
  
  
 +
= Date and Time Settings =
  
== Configure network ==
+
Active Directory uses Kerberos for authentication. Kerberos requires that the domain member and the domain controllers (DC) are having a synchronous time. If the difference exceeds [http://technet.microsoft.com/en-us/library/cc779260%28v=ws.10%29.aspx 5 minutes] (default), the client is not able to access domain resources for security reasons.
  
* Search the Control Panel for „Network and Sharing Center“
+
Before you join the domain, check the time configuration:
  
* Click „Change adapter settings“
+
* Open the <code>Control Panel</code>.
  
* Right-click to your network connection and choose „properties“
+
* Navigrate to <code>Clock, Language and Region</code>.
  
* Configure the IP properties. Make sure, that you use a DNS server, that is authoritative for your AD DNS domain!
+
* Click <code>Date and Time</code>.
  
:[[Image:Join_Win2008R2_IP_Configuration.png]]
+
* Verify the date, time, and time zone settings. Adjust the settings, if necessary.
  
 +
* Click <code>OK</code> to save the changes.
  
  
== Date and time settings ==
 
  
Active Directory uses Kerberos for authentication, which relies on a fairly consistent time across the network. This makes it necessary, that, before you can join the server to the Domain, the time does not differ more than [http://technet.microsoft.com/en-us/library/cc779260%28v=ws.10%29.aspx 5 minutes] (default setting in an AD) to your other Domain Controllers.
 
  
* Search the Control Panel for „Date and Time“
 
  
* Check your date, time and time zone settings.
+
= Joining the Windows Server to the Domain =
  
 +
* Select <code>Start</code> / <code>Run</code>, enter <code>dcpromo.exe</code> and click <code>OK</code>.
  
 
+
* Windows Server automatically installs missing features, if necessary:
 
 
 
 
= Joining the Domain =
 
 
 
* Click „Start“ / „Run“, enter „dcpromo.exe“ and click „OK“.
 
 
 
* Windows Server checks if the necessary features are already installed. If not, they will.
 
  
 
:[[Image:Join_Win2008R2_dcpromo_install.png]]
 
:[[Image:Join_Win2008R2_dcpromo_install.png]]
  
* Check the option „Use advanced mode installation“. This mode displays some additional options, that may be useful, like specifying an initial DC to replicate from. To continue click „Next“.
+
* Check <code>Use advanced mode installation</code> to display additional options in later steps. Click <code>OK</code>.
  
* Read the „Operating System Compatibility“ information and click „Next“.
+
* Read the <code>Operating System Compatibility</code> information and click <code>Next</code>.
  
* Choose „Existing forest“ / „Add a domain controller to an existing domain“ and click „Next“.
+
* Select <code>Existing forest</code> / <code>Add a domain controller to an existing domain</code>, and click <code>Next</code>.
  
:[[Image:Join_win2008R2_Deployment_Configuration.png]]
+
* Enter the Samba Active Directory (AD) domain name and credentials that are enabled to join a domain controller (DC) to the domain, such as the domain administrator account. Click <code>Next</code>.
  
* Enter the domain name and credentials of an account that is allowed to join a Domain Controller to the Domain (e. g. Domain Administrator). Afterwards click „Next“.
+
* Select the domain to join and click <code>Next</code>.
  
:[[Image:Join_Win2008R2_Network_Credentials.png]]
+
* If AD sites are configured, select the site to join. Otherwise continue using the <code>Default-First-Site-Name</code> site. Click <code>Next</code>.
  
* If your forest contains multiple domains, the „Select a Domain“ window will list all domains and you have to choose the one, you want to join and then click „Next“.
+
* Select the options to enable on the new DC and click <code>Next</code>.
 
 
:[[Image:Join_Win2008R2_Select_Domain.png]]
 
 
 
* Select the AD Site for the new Domain Controller. If you haven't configured AD Sites, choose the default („Default-First-Site-Name“) and click „Next“.
 
 
 
:[[Image:Join_Win2008R2_Select_Site.png]]
 
 
 
* Decite the options of the new Domain Controller and click „Next“. If you install the DNS server option, make sure, that there is at least one DNS server in your network configuration, that is authoritative for the DNS zone of this domain. An appropriate message is shown in the information box. We assume here, to install the new DC with „DNS server“ and „Global catalog“.
 
  
 
:[[Image:Join_Win2008R2_DC_Options.png]]
 
:[[Image:Join_Win2008R2_DC_Options.png]]
  
* If you receive a message, that a delegation for this DNS server cannot be created, continue by clicking „Yes“.
+
* If you enabled the <code>DNS server</code> option in the previous step, you may see a note, that a delegation for this DNS server cannot be created. Click <code>Yes</code> to continue.
  
 
:[[Image:Join_Win2008R2_DNS_Delegation_Failed.png]]
 
:[[Image:Join_Win2008R2_DNS_Delegation_Failed.png]]
  
* In the „Install from Media“ window, choose to „replicate the data over the network from an existing Domain Controller“ and click „Next“.
+
* Select <code>Replicate data over the network from an existing domain controller</code> and click <code>Next</code>.
  
:[[Image:Join_win2008R2_Install_From_Media.png]]
+
* Select a DC as source for the initial directory replication or let the installation wizard choose an appropriate DC. Click <code>Next</code>.
  
* Choose one of the existing DCs to replicate from or let the wizzard do. Then click „Next“.
+
* Set the folders for the AD database, log files and the Sysvol folder. Click <code>Next</code>.
  
:[[Image:Join_Win2008R2_Choose_DC_For_Replication.png]]
+
* Set a Directory Service Restore Mode Administrator Password (DSRM). It is required to boot the Windows DC in safe-mode to restore or repair the AD. Click <code>Next</code>.
  
* Define the folders for the AD database, logs and SysVol and click „Next“
+
* Verify your settings and click <code>Next</code> to start the DC promotion.
  
:[[Image:Join_win2008R2_Folder_Locations.png]]
+
* The wizard starts the installation, replicates the directory, and so on.
 
 
* Set a Directory Service Restore Mode Administrator Passwort. The DSRM passwort is used to boot the Windows DC in a safe-mode, to restore or repair the AD. To continue click „Next“.
 
 
 
:[[Image:Join_win2008R2_DSRM_Password.png]]
 
 
 
* A summery is displayed. Verify your settings and click „Next“ to start the Domain Controller promotion process.
 
 
 
* The wizzard begins to install options, replicate the directory, etc. Depending on the size of your directory and your bandwitdh, this may take some time.
 
  
 
:[[Image:Join_Win2008R2_Join_Process.png]]
 
:[[Image:Join_Win2008R2_Join_Process.png]]
  
* [[Check_and_fix_DNS_entries_on_DC_joins|Check if all important DNS records exists]]. If not, [[Check_and_fix_DNS_entries_on_DC_joins|add them manually]]. '''It's an important step for a healthy and working replication!'''
+
* Verify that all DC related DNS records have been created during the promotion. See [[Verifying and Creating a DC DNS Record|Verifying and Creating a DC DNS Record]].
 
+
:{{Imbox
* After the wizzard has completed, click „Finish“ and restart the new Domain Controller.
+
| type = important
 
+
| text = Do not continue without verifying the DNS records. They must exist for a working directory replication!
:[[Image:Join_win2008R2_Join_Completed.png]]
+
}}
 
 
* The Windows Server is now joined as a Domain Controller.
 
 
 
  
 +
* After the wizard completed click <code>Finish</code>.
  
 +
* Restart the computer.
  
 +
The Windows server now acts as an AD DC.
  
= Directory replication =
 
  
A few minutes after startup, connections with other DCs will be established automatically and replication begins. On a Samba DC, this can be verified by
 
  
'''# samba-tool drs showrepl'''
 
Default-First-Site-Name\DC1
 
DSA Options: 0x00000001
 
DSA object GUID: 4a6bd92a-6612-4b15-aa8c-9ec371e8994f
 
DSA invocationId: 96bc0d6f-9cea-4011-b9a1-0e9971009b20
 
 
==== INBOUND NEIGHBORS ====
 
 
DC=DomainDnsZones,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\DC2 via RPC
 
                DSA object GUID: c14a774f-9732-4ec2-b9fa-2156c95c4e48
 
                Last attempt @ Sat Dec 20 10:35:19 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:35:19 2014 CET
 
 
DC=DomainDnsZones,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\<u>DC3</u> via RPC
 
                DSA object GUID: dfaec3fb-7546-4153-ba01-605e5efa27f9
 
                Last attempt @ NTTIME(0) was successful
 
                0 consecutive failure(s).
 
                Last success @ NTTIME(0)
 
 
DC=ForestDnsZones,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\DC2 via RPC
 
                DSA object GUID: c14a774f-9732-4ec2-b9fa-2156c95c4e48
 
                Last attempt @ Sat Dec 20 10:35:19 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:35:19 2014 CET
 
 
DC=ForestDnsZones,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\<u>DC3</u> via RPC
 
                DSA object GUID: dfaec3fb-7546-4153-ba01-605e5efa27f9
 
                Last attempt @ NTTIME(0) was successful
 
                0 consecutive failure(s).
 
                Last success @ NTTIME(0)
 
 
DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\DC2 via RPC
 
                DSA object GUID: c14a774f-9732-4ec2-b9fa-2156c95c4e48
 
                Last attempt @ Sat Dec 20 10:35:20 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:35:20 2014 CET
 
 
DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\<u>DC3</u> via RPC
 
                DSA object GUID: dfaec3fb-7546-4153-ba01-605e5efa27f9
 
                Last attempt @ Sat Dec 20 10:35:09 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:35:09 2014 CET
 
 
CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\DC2 via RPC
 
                DSA object GUID: c14a774f-9732-4ec2-b9fa-2156c95c4e48
 
                Last attempt @ Sat Dec 20 10:35:16 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:35:16 2014 CET
 
 
CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\<u>DC3</u> via RPC
 
                DSA object GUID: dfaec3fb-7546-4153-ba01-605e5efa27f9
 
                Last attempt @ Sat Dec 20 10:35:10 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:35:10 2014 CET
 
 
CN=Configuration,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\DC2 via RPC
 
                DSA object GUID: c14a774f-9732-4ec2-b9fa-2156c95c4e48
 
                Last attempt @ Sat Dec 20 10:35:17 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:35:17 2014 CET
 
 
CN=Configuration,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\<u>DC3</u> via RPC
 
                DSA object GUID: dfaec3fb-7546-4153-ba01-605e5efa27f9
 
                Last attempt @ Sat Dec 20 10:35:11 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:35:11 2014 CET
 
 
==== OUTBOUND NEIGHBORS ====
 
 
DC=DomainDnsZones,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\<u>DC3</u> via RPC
 
                DSA object GUID: dfaec3fb-7546-4153-ba01-605e5efa27f9
 
                Last attempt @ Sat Dec 20 10:35:17 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:35:17 2014 CET
 
 
DC=DomainDnsZones,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\DC2 via RPC
 
                DSA object GUID: c14a774f-9732-4ec2-b9fa-2156c95c4e48
 
                Last attempt @ NTTIME(0) was successful
 
                0 consecutive failure(s).
 
                Last success @ NTTIME(0)
 
 
DC=ForestDnsZones,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\<u>DC3</u> via RPC
 
                DSA object GUID: dfaec3fb-7546-4153-ba01-605e5efa27f9
 
                Last attempt @ Sat Dec 20 10:35:17 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:35:17 2014 CET
 
 
DC=ForestDnsZones,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\DC2 via RPC
 
                DSA object GUID: c14a774f-9732-4ec2-b9fa-2156c95c4e48
 
                Last attempt @ NTTIME(0) was successful
 
                0 consecutive failure(s).
 
                Last success @ NTTIME(0)
 
 
DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\<u>DC3</u> via RPC
 
                DSA object GUID: dfaec3fb-7546-4153-ba01-605e5efa27f9
 
                Last attempt @ Sat Dec 20 10:34:26 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:34:26 2014 CET
 
 
DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\DC2 via RPC
 
                DSA object GUID: c14a774f-9732-4ec2-b9fa-2156c95c4e48
 
                Last attempt @ NTTIME(0) was successful
 
                0 consecutive failure(s).
 
                Last success @ NTTIME(0)
 
 
CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\<u>DC3</u> via RPC
 
                DSA object GUID: dfaec3fb-7546-4153-ba01-605e5efa27f9
 
                Last attempt @ Sat Dec 20 10:34:26 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:34:26 2014 CET
 
 
CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\DC2 via RPC
 
                DSA object GUID: c14a774f-9732-4ec2-b9fa-2156c95c4e48
 
                Last attempt @ NTTIME(0) was successful
 
                0 consecutive failure(s).
 
                Last success @ NTTIME(0)
 
 
CN=Configuration,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\<u>DC3</u> via RPC
 
                DSA object GUID: dfaec3fb-7546-4153-ba01-605e5efa27f9
 
                Last attempt @ Sat Dec 20 10:34:21 2014 CET was successful
 
                0 consecutive failure(s).
 
                Last success @ Sat Dec 20 10:34:21 2014 CET
 
 
CN=Configuration,DC=samdom,DC=example,DC=com
 
        Default-First-Site-Name\DC2 via RPC
 
                DSA object GUID: c14a774f-9732-4ec2-b9fa-2156c95c4e48
 
                Last attempt @ NTTIME(0) was successful
 
                0 consecutive failure(s).
 
                Last success @ NTTIME(0)
 
 
==== KCC CONNECTION OBJECTS ====
 
 
Connection --
 
        Connection name: 04baf417-eb41-4f31-a5f1-c739f0e92b1b
 
        Enabled        : TRUE
 
        Server DNS name : DC2.samdom.example.com
 
        Server DN name  : CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
 
                TransportType: RPC
 
                options: 0x00000001
 
Warning: No NC replicated for Connection!
 
Connection --
 
        Connection name: f55bce90-d458-400a-a4ca-801c3e64bef3
 
        Enabled        : TRUE
 
        Server DNS name : <u>DC3</u>.samdom.example.com
 
        Server DN name  : CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
 
                TransportType: RPC
 
                options: 0x00000001
 
Warning: No NC replicated for Connection!
 
  
'''Depending on your replication settings - if defined - it may take a few minutes until all connections are established. So please be patient!''' On the long shot that the outbound connections aren't established automatically - even not after several minutes - you can force the replication (generally not necessary!). See [[Samba-tool_drs_replicate|samba-tool drs replicate]].
 
  
''Note about the„Warning: No NC replicated for Connection!“ line: It can be safely ignored. See [[FAQ#Message:_Warning:_No_NC_replicated_for_Connection.21|FAQ: Message: Warning: No NC replicated for Connection!]]''
+
= Verifying Directory Replication =
  
 +
See [[Verifying_the_Directory_Replication_Statuses#Displaying_the_Replication_Statuses_on_a_Windows_DC|Displaying the Replication Statuses on a Windows DC]].
  
 +
{{Imbox
 +
| type = note
 +
| text = To optimize replication latency and cost, the knowledge consistency checker (KCC) on Windows DCs do not create a fully-meshed replication topology between all DCs. For further details, see [[The Samba KCC]].
 +
}}
  
  
= SysVol share =
 
  
During the join, Windows tries to retrieve the SysVol content from an other Domain Controller. But Samba currently doesn't support SysVol replication (FSR) yet. This causes, that the new Windows DC, doesn't share the SysVol folder.
 
  
The folder isn't shared like other folders in Windows. If there is no „SysVol“ share, when you enter \\Hostname („\\DC3“ in this example), change the registry value of „SysvolReady“ in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\
 
to „1“. The share will be visible after the next refresh ([F5]).
 
  
 +
= The Sysvol Share =
  
 +
== Enabling the Sysvol Share ==
  
 +
If you used a Samba domain controller (DC) as replication partner, the <code>Sysvol</code> share is not enabled. For details how to verify and enable the share, see [[Enabling the Sysvol Share on a Windows DC]].
  
  
= SysVol replication =
 
  
Currently replication of the SysVol share via FSR isn't implemented in Samba. If you make changes on that share, you have to keep them in sync on all your Domain Controllers, including ACLs! An example, how to achieve this, is provided in the [[SysVol_Replication_between_Samba_and_Windows|SysVol replication between Samba and Windows]] documentation.
+
== Sysvol Replication ==
  
 +
Samba currently does not support the DFS-R protocol required for Sysvol replication. Please manually synchronise the content between domain controllers (DC) or use a workaround such as [[Robocopy_based_SysVol_replication_workaround|Robocopy-based Sysvol Replication]].
  
  
  
  
= Testing directory replication =
 
  
To check that replication is working correctly between your domain controllers, try adding/modifying e. g. a user on one DC using either the Samba command line tools or the Windows GUI admin tools. Then check that the changes shows up within a few seconds on the new Domain Controller.
+
----
 +
[[Category:Active Directory]]
 +
[[Category:Domain Control]]

Latest revision as of 14:07, 18 May 2017

Introduction

You can join Windows Server 2008 and 2008 R2 as an domain controller (DC) to a Samba Active Directory (AD).

If you want to join a computer running a Windows Server operating system as a domain member, see Joining a Windows Client or Server to a Domain.



Network Configuration

  • Click the Start button, search for View network connections, and open the search entry.
  • Right-click to your network adapter and select Properties.
  • Configure the IP settings:
  • Assign a static IP address, enter the subnet mask, and default gateway.
  • Enter the IP of a DNS server that is able to resolve the Active Directory (AD) DNS zone.
  • Click OK to save the settings.



Date and Time Settings

Active Directory uses Kerberos for authentication. Kerberos requires that the domain member and the domain controllers (DC) are having a synchronous time. If the difference exceeds 5 minutes (default), the client is not able to access domain resources for security reasons.

Before you join the domain, check the time configuration:

  • Open the Control Panel.
  • Navigrate to Clock, Language and Region.
  • Click Date and Time.
  • Verify the date, time, and time zone settings. Adjust the settings, if necessary.
  • Click OK to save the changes.



Joining the Windows Server to the Domain

  • Select Start / Run, enter dcpromo.exe and click OK.
  • Windows Server automatically installs missing features, if necessary:
Join Win2008R2 dcpromo install.png
  • Check Use advanced mode installation to display additional options in later steps. Click OK.
  • Read the Operating System Compatibility information and click Next.
  • Select Existing forest / Add a domain controller to an existing domain, and click Next.
  • Enter the Samba Active Directory (AD) domain name and credentials that are enabled to join a domain controller (DC) to the domain, such as the domain administrator account. Click Next.
  • Select the domain to join and click Next.
  • If AD sites are configured, select the site to join. Otherwise continue using the Default-First-Site-Name site. Click Next.
  • Select the options to enable on the new DC and click Next.
Join Win2008R2 DC Options.png
  • If you enabled the DNS server option in the previous step, you may see a note, that a delegation for this DNS server cannot be created. Click Yes to continue.
Join Win2008R2 DNS Delegation Failed.png
  • Select Replicate data over the network from an existing domain controller and click Next.
  • Select a DC as source for the initial directory replication or let the installation wizard choose an appropriate DC. Click Next.
  • Set the folders for the AD database, log files and the Sysvol folder. Click Next.
  • Set a Directory Service Restore Mode Administrator Password (DSRM). It is required to boot the Windows DC in safe-mode to restore or repair the AD. Click Next.
  • Verify your settings and click Next to start the DC promotion.
  • The wizard starts the installation, replicates the directory, and so on.
Join Win2008R2 Join Process.png
  • After the wizard completed click Finish.
  • Restart the computer.

The Windows server now acts as an AD DC.



Verifying Directory Replication

See Displaying the Replication Statuses on a Windows DC.



The Sysvol Share

Enabling the Sysvol Share

If you used a Samba domain controller (DC) as replication partner, the Sysvol share is not enabled. For details how to verify and enable the share, see Enabling the Sysvol Share on a Windows DC.


Sysvol Replication

Samba currently does not support the DFS-R protocol required for Sysvol replication. Please manually synchronise the content between domain controllers (DC) or use a workaround such as Robocopy-based Sysvol Replication.