.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)       : ******************** with overline
  Sections (H3)       : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)     : """""""""""""""""""""

.. |date| date::

.. meta::
  :description: Backing up and restoring a Samba domain
  :keywords: Samba-AD, documentation, backup, restoring, renaming

.. _samba_backup_restore_rename:

#######################################
Backing up and restoring a Samba domain
#######################################

***********************
Renaming a Samba domain
***********************

Renaming a domain allows you to keep all the objects of a domain, as well as the SIDs and password *hashes*. In its current state, the domain renaming tool should only be used to reproduce a domain in a test environment.
As of |date|, this feature has not yet been sufficiently tested for use in production.

Microsoft also provides a domain renaming tool, but it is not always very effective.

Since the goal here is to make a clone of the production domain for use in a test environment, we will not recover the password *hashes* (parameter ``--no-secrets``).
It will be necessary to provide both the new *NetBIOS* name and the new Kerberos name (DNS suffix).

It is important that the domain is clean in order to produce a good backup and ensure a good recovery. Therefore, a :command:`dbcheck` should be run before the backup to make sure that the database does not contain any problematic objects.
We will also run a :command:`sysvolcheck` to check that there are no ACL or GPO issues on the :file:`SYSVOL` (otherwise the backup may fail).

Renaming is done in two phases:

* First we launch a :command:`samba-tool domain backup rename` which will perform an online backup while modifying the domain name on each of the objects:

  .. code-block:: bash

    samba-tool ntacl sysvolcheck
    samba-tool dbcheck --cross-ncs
    samba-tool domain backup rename testdomain testdomain.lan --server=srvads --target-dir=/root/backup_rename_20191107/

* Then the domain is restored with a **samba-tool domain backup restore** on a machine that has been configured with the new DNS suffix:

  .. code-block:: bash

    samba-tool domain backup restore --backup-file=/root/backup_rename/samba-backup-testdom.lan-2019-11-08T23-46-56.317881.tar.bz2 --targetdir=/var/lib/samba --newservername=srvads.testdom.lan --site="Default-First-Site-Name" --host-ip=192.168.10.10