Caponato's Notebook

I try to keep Samba servers up to date at least on a weekly basis. This is my routine:

You can locally backup your domain and save this file for disaster recovery purposes but:

• This is no replacement for a second DC
• It is useful in case of a disaster or if you inadvertently brake the AD
• A domain can be rebuild with these backup files.
• Perform a backup of each DC for redundancy purposes.
• Save your backup files in a safe place, outside of your building.
• See this article for more info
• This utility can also be run from a member server, please see the note hereunder re. required packages.

samba-tool domain backup online --targetdir=/backup/dc1/ --server=dc1 -U "MAD\Administrator"

Please be aware in recent Samba versions (>4.20) both samba-ad-provision and samba-dsdb-modules packages are needed to perform a backup. If you are running this on a DC chances are, these are already installed.

• Find and delete “tombstone” items

samba-tool domain tombstones expunge --tombstone-lifetime=0

• Check domain databases and automatically fix things.

samba-tool dbcheck --cross-ncs --fix --yes

• Visually check out-of-date-ness of DCs.

samba-tool visualize uptodateness -rS --utf8

• I also like a quick reminder or who owns the FSMO roles.

samba-tool fsmo show | cut -f1-2 -d,

• Check time service Chrony and system time

chronyc tracking && timedatectl status

• Update your machine (Not to a major Samba version! Follow this article to upgrade Samba)

apt-get update && apt-get dist-upgrade && apt autoremove -y && apt-get autoclean && apt-get clean && apt-get remove --purge $(dpkg -l | awk '/^rc/{print $2}')

It is very important to have sysvol and idmap.ldb synced from the PDC FSMO role owner.

I suggest you script this and run it on a regular basis.

Caponato's Samba notebook. Start here or else Main menu