I put samba on my network last week as a DC and then I transfered all 5 FSMO roles which I thought made it the PDC.? But now I'm not sure because trying to do a backup fails.? Is there a way to determine which machine is the PDC of a domain? -- Bob Wooldridge EDM Incorporated
On 23/07/2019 20:52, Robert A Wooldridge via samba wrote:> I put samba on my network last week as a DC and then I transfered all > 5 FSMO roles which I thought made it the PDC.? But now I'm not sure > because trying to do a backup fails.? Is there a way to determine > which machine is the PDC of a domain? > >A PDC doesn't have any FSMO roles, only an AD DC can hold FSMO roles and there are 7 of those: SchemaMaster InfrastructureMaster RidAllocationMaster PdcEmulationMaster DomainNamingMaster DomainDnsZonesMaster ForestDnsZonesMaster There is (as you can see above) a role called 'PDC Emulator' but this has nothing to do with a PDC. The roles do not need to be all on one DC, in fact, if you have 7 DCs, you could have an FSMO role on each DC. To see which DC holds which FSMO role, you can run on a DC: samba-tool fsmo show Rowland
On 07/23/2019 03:09 PM, Rowland penny via samba wrote:> A PDC doesn't have any FSMO roles, only an AD DC can hold FSMO roles > and there are 7 of those: > > SchemaMaster > InfrastructureMaster > RidAllocationMaster > PdcEmulationMaster > DomainNamingMaster > DomainDnsZonesMaster > ForestDnsZonesMaster > > There is (as you can see above) a role called 'PDC Emulator' but this > has nothing to do with a PDC. > > The roles do not need to be all on one DC, in fact, if you have 7 DCs, > you could have an FSMO role on each DC. > > To see which DC holds which FSMO role, you can run on a DC: > > samba-tool fsmo showYes I transferred all of the 5 roles to athena.? But when I do an online backup I get this error: Cloned domain EDM (SID S-1-5-21-3542663288-2793937080-3903977496) ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index out of range ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run ??? return self.run(*args, **kwargs) ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line 237, in run ??? new_sid = get_sid_for_restore(remote_sam) ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line 73, in get_sid_for_restore ??? rid = int(res[0].get('rIDNextRID')[0]) -- Bob Wooldridge EDM Incorporated
On 23/07/2019 21:11, Robert A Wooldridge wrote:> > > On 07/23/2019 03:09 PM, Rowland penny via samba wrote: >> A PDC doesn't have any FSMO roles, only an AD DC can hold FSMO roles >> and there are 7 of those: >> >> SchemaMaster >> InfrastructureMaster >> RidAllocationMaster >> PdcEmulationMaster >> DomainNamingMaster >> DomainDnsZonesMaster >> ForestDnsZonesMaster >> >> There is (as you can see above) a role called 'PDC Emulator' but this >> has nothing to do with a PDC. >> >> The roles do not need to be all on one DC, in fact, if you have 7 >> DCs, you could have an FSMO role on each DC. >> >> To see which DC holds which FSMO role, you can run on a DC: >> >> samba-tool fsmo show > Yes I transferred all of the 5 roles to athena.? But when I do an > online backup I get this error:Did you actually read my last post ???? If you only transferred 5 of the roles, which of the SEVEN roles did you not transfer ?> > Cloned domain EDM (SID S-1-5-21-3542663288-2793937080-3903977496) > ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index > out of range > ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > line 177, in _run > ??? return self.run(*args, **kwargs) > ? File > "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line > 237, in run > ??? new_sid = get_sid_for_restore(remote_sam) > ? File > "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line > 73, in get_sid_for_restore > ??? rid = int(res[0].get('rIDNextRID')[0])Try creating a user (you can delete it later if you don't need it), it looks like your rid pool isn't set up. Rowland
On 07/23/2019 03:16 PM, Rowland penny via samba wrote:> Did you actually read my last post ???? > > If you only transferred 5 of the roles, which of the SEVEN roles did > you not transfer ?My bad, I transferred all 7 roles: SchemaMasterRole owner: CN=NTDS Settings,CN=ATHENA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com InfrastructureMasterRole owner: CN=NTDS Settings,CN=ATHENA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com RidAllocationMasterRole owner: CN=NTDS Settings,CN=ATHENA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com PdcEmulationMasterRole owner: CN=NTDS Settings,CN=ATHENA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com DomainNamingMasterRole owner: CN=NTDS Settings,CN=ATHENA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=ATHENA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=ATHENA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com> >> >> Cloned domain EDM (SID S-1-5-21-3542663288-2793937080-3903977496) >> ERROR(<type 'exceptions.IndexError'>): uncaught exception - list >> index out of range >> ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", >> line 177, in _run >> ??? return self.run(*args, **kwargs) >> ? File >> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", >> line 237, in run >> ??? new_sid = get_sid_for_restore(remote_sam) >> ? File >> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", >> line 73, in get_sid_for_restore >> ??? rid = int(res[0].get('rIDNextRID')[0]) > > Try creating a user (you can delete it later if you don't need it), it > looks like your rid pool isn't set up.On which machine, the new one or the existing Windows Server? -- Bob Wooldridge EDM Incorporated