On 08/21/2019 12:31 PM, Rowland penny via samba wrote:> Though it appears that errors have occurred, everything has worked to > here. > >> Adding 1 remote DNS records for ATHENA2.edm-inc.com >> Adding DNS A record ATHENA2.edm-inc.com for IPv4 IP: 10.10.1.15 >> Join failed - cleaning up > > It is failing whilst trying to add the new DCs A record and anything > from here onwards can be ignored, it has nothing to do with the error. > > This is where you got to last time, so you know what to do to get the > join to finish.You mean comment out the python stuff?? I can't seem to find that message.? Can you give it to me again?> > Once you do get the join to finish, we need to identify what dns > records you are missing and manually create them.I'm wondering if there's a better approach to this?? I only have around 30 accounts.? Is there any way that I can just create the same domain from scratch with a fresh Samba machine and get rid of the old DCs completely?? Would all the workstations be able to join the new domain even though it would have the same name? -- Bob Wooldridge EDM Incorporated
On 21/08/2019 19:55, Robert A Wooldridge via samba wrote:> On 08/21/2019 12:31 PM, Rowland penny via samba wrote: >> Though it appears that errors have occurred, everything has worked to >> here. >> >>> Adding 1 remote DNS records for ATHENA2.edm-inc.com >>> Adding DNS A record ATHENA2.edm-inc.com for IPv4 IP: 10.10.1.15 >>> Join failed - cleaning up >> >> It is failing whilst trying to add the new DCs A record and anything >> from here onwards can be ignored, it has nothing to do with the error. >> >> This is where you got to last time, so you know what to do to get the >> join to finish. > You mean comment out the python stuff?? I can't seem to find that > message.? Can you give it to me again?I can if I have to ;-)>> >> Once you do get the join to finish, we need to identify what dns >> records you are missing and manually create them. > I'm wondering if there's a better approach to this?? I only have > around 30 accounts.? Is there any way that I can just create the same > domain from scratch with a fresh Samba machine and get rid of the old > DCs completely?? Would all the workstations be able to join the new > domain even though it would have the same name?Time for a bit of info here, the thing that really identifies an AD domain is the SID, this is in the format 'S-1-5-21-1111111111-2222222222-3333333333'. You could have two domains with the same name, but with different SIDs (note that I not saying you should do this, there would still be confusion). What I am trying to say is, you could reuse your existing domain name for a new one, but you would need to (ideally) remove your workstations from the existing domain, turn off the windows DC and then start the Samba DC. You would then need to join your workstations to the new domain. You will also need to create any required users and groups in your new domain. This is guaranteed to work, the other option of trying to fix your existing domain isn't, it probably will, but will take more time and effort. Rowland
On 08/21/2019 02:21 PM, Rowland penny via samba wrote:> I'm wondering if there's a better approach to this?? I only have > around 30 accounts.? Is there any way that I can just create the same > domain from scratch with a fresh Samba machine and get rid of the old > DCs completely?? Would all the workstations be able to join the new > domain even though it would have the same name? > > Time for a bit of info here, the thing that really identifies an AD > domain is the SID, this is in the format > 'S-1-5-21-1111111111-2222222222-3333333333'. You could have two > domains with the same name, but with different SIDs (note that I not > saying you should do this, there would still be confusion). > > What I am trying to say is, you could reuse your existing domain name > for a new one, but you would need to (ideally) remove your > workstations from the existing domain, turn off the windows DC and > then start the Samba DC. You would then need to join your workstations > to the new domain. You will also need to create any required users and > groups in your new domain.Yes, I don't see this as being too difficult.? And I could start out with the most recent supported security level, that's what I really want and need.? As well as getting off the Windoze OS and hardware game.> > This is guaranteed to work, the other option of trying to fix your > existing domain isn't, it probably will, but will take more time and > effort.Yes, this seems like a better way to go.? So I just need to shut down my Server 2003 DC (and any samba machines) and then just create the new domain.? Or should I make sure to exit each workstation from the domain first? -- Bob Wooldridge EDM Incorporated