Samba AD DC Security and Resiliency Ideas and Recommendations

1. Optimize Virtual Machine Placement

Deploy your Samba AD DCs on containers or virtual machines (VMs) using Proxmox. Ensure each VM runs on a separate physical server within its location to avoid a single hardware failure affecting both DCs. Allocate sufficient resources (these figures look small but this can take on 1000+ users and computers):

CPU: 1 core
Memory: 512MB per DC
Disk: 10Gb with adequate I/O for replication and client load

2. Enable High Availability in Virtualization

Configure your Proxmox for high availability (HA): This ensures quick recovery of a Samba AD DC VM if a physical host in one location crashes, reducing downtime.

3. Maintain At Least Two Domain Controllers with Role Diversity

Set up at least two Samba AD DCs for redundancy.

4. Physically Separate Locations with Independent Infrastructure

Host DCs in two separate buildings or data centers with independent setups:

Power: Separate UPS and generators per site.
Network: Different ISPs or redundant WAN links.

Use a VPN or dedicated link for replication between sites and configure AD Sites and Services to reflect the physical layout.

5. Test Disaster Recovery Across Sites

Simulate a site failure (e.g., disconnect one building’s network) and confirm the remaining DC handles:

DNS resolution
User logins
Group policy updates

Caponato's Samba notebook. Start here or else Main menu