samba - Jun 2015 - Removing a Domain Controller

I am in the process of upgrading my Centos 6/Samba 4.1 AD DCs to 
Centos7/Samba 4.2, but I see from a few discussions on the list that it 
is currently not possible to remove an AD DC using samba-tool because it 
does not delete all the FSMO roles.

Can Windows tools be used to remove the DCs properly?

The Samba Wiki page  
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_(FSMO)_roles#FSMO_role_management_using_the_Windows_GUI
has a reference to using Windows tools to manage the FSMO roles, but the 
referenced page only says that are 5 roles.

Does following this procedure to move the roles actually transfer all 7 
roles?

Is there some other way to properly remove and AD DC using Windows 
tools?

Thanks

Mike

On 12/06/15 05:00, Brady, Mike wrote:
> I am in the process of upgrading my Centos 6/Samba 4.1 AD DCs to 
> Centos7/Samba 4.2, but I see from a few discussions on the list that 
> it is currently not possible to remove an AD DC using samba-tool 
> because it does not delete all the FSMO roles.
>
> Can Windows tools be used to remove the DCs properly?
No, because even though there are 7 FSMO roles, the windows tools only 
recognise 5, they do not do anything with the two DNS Infrastructure roles.
There is a vbs script available out there on the net to move the two roles.
>
> The Samba Wiki page 
>
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_(FSMO)_roles#FSMO_role_management_using_the_Windows_GUI
> has a reference to using Windows tools to manage the FSMO roles, but 
> the referenced page only says that are 5 roles.
>
> Does following this procedure to move the roles actually transfer all 
> 7 roles?
>
No, not at the moment.
> Is there some other way to properly remove and AD DC using Windows tools?
See above, but there is a patch pending to make samba-tool know about 
all 7 FSMO roles, you may want to browse the samba-technical list.

Rowland
>
> Thanks
>
> Mike