samba - Jul 2019 - Failed Xfer of domain and forest fsmo

I have transferred all fsmo's except domain and forest.? When I attempt 
either one of these I get this error:

samba-tool fsmo transfer --role=forestdns
ERROR: Failed to delete role 'forestdns': LDAP error 50 
LDAP_INSUFFICIENT_ACCESS_RIGHTS -? <00002098: SecErr: DSID-03151D80, 
problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
 > <>

Any ideas on how to overcome this?

-- 
Bob Wooldridge
EDM Incorporated

On 19/07/2019 20:41, Robert A Wooldridge via samba
wrote:
> I have transferred all fsmo's except domain and forest.? When I 
> attempt either one of these I get this error:
>
> samba-tool fsmo transfer --role=forestdns
> ERROR: Failed to delete role 'forestdns': LDAP error 50 
> LDAP_INSUFFICIENT_ACCESS_RIGHTS -? <00002098: SecErr: DSID-03151D80, 
> problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
> > <>
>
> Any ideas on how to overcome this?
>
If you run: samba-tool fsmo transfer --help

Amongst the output is this:

 ? --role=ROLE?????????? The FSMO role to seize or transfer.
 ???????????????????????????????? .....................
 ???????????????????????????????? .................
 ???????????????????????????????? ...........
 ???????????????????????????????? above? You must provide an Admin user 
and password.


Rowland

On 07/19/2019 03:08 PM, Rowland penny via samba wrote:
> On 19/07/2019 20:41, Robert A Wooldridge via samba wrote:
>> I have transferred all fsmo's except domain and forest.? When I 
>> attempt either one of these I get this error:
>>
>> samba-tool fsmo transfer --role=forestdns
>> ERROR: Failed to delete role 'forestdns': LDAP error 50 
>> LDAP_INSUFFICIENT_ACCESS_RIGHTS -? <00002098: SecErr: DSID-03151D80,
>> problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
>> > <>
>>
>> Any ideas on how to overcome this?
>>
> If you run: samba-tool fsmo transfer --help
>
> Amongst the output is this:
>
> ? --role=ROLE?????????? The FSMO role to seize or transfer.
The role I specified is forestdns.
> .....................
> ???????????????????????????????? .................
> ???????????????????????????????? ...........
> ???????????????????????????????? above? You must provide an Admin user 
> and password.
After I provided the user and password, it failed but when I queried for 
role assignments it says the forestdns is unassigned.? So I did a seize 
and this worked.? Do I have to shutdown the DC that was the primary
before?
>
>
>
-- 
Bob Wooldridge
EDM Incorporated