On 02/10/15 20:09, Yosel Lazaro Vera Gonzalez wrote:> > ----- Mensaje original ----- > De: "Rowland Penny" <rowlandpenny241155 at gmail.com> > Para: samba at lists.samba.org > Enviados: Viernes, 2 de Octubre 2015 3:54:04 > Asunto: Re: [Samba] transfer fsmo role using ldap > > On 02/10/15 04:27, Yosel Lazaro Vera Gonzalez wrote: >> !!!Regards >> >> Is it possible to transfer the FSMO roles using ldap? >> For example I get the schema container object using ldap, then I modify the attribute fSMORoleOwner >> I change the following value "CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com" by "CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com" >> >> Is this operation enough to transfer the schema master role to server2? >> > Why do you want to use ldap? > is there something wrong with using 'samba-tool fsmo transfer' > > Rowland > > > !!!Regards > There is no problem with samba-tool fsmo transfer > I'm developing a mini app with a simple UI to transfer roles and I'm using ldap. >It is a bit more involved that what you think, have a look at the code in fsmo.py (part of samba-tool), it might be easier to get your UI to run samba-tool instead of ldap. You should also think about 'what if the role will not transfer?' it really gets involved when it comes to seizing roles, also you have to transfer the two dns roles differently from the other 5 roles. Rowland
Note once role transfer is not really instantaneous. Not even on the host seizing the role. Once the samba-tool fsmo seize command is successful DCs need times to perform that transfer. 2015-10-02 21:26 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:> On 02/10/15 20:09, Yosel Lazaro Vera Gonzalez wrote: > >> >> ----- Mensaje original ----- >> De: "Rowland Penny" <rowlandpenny241155 at gmail.com> >> Para: samba at lists.samba.org >> Enviados: Viernes, 2 de Octubre 2015 3:54:04 >> Asunto: Re: [Samba] transfer fsmo role using ldap >> >> On 02/10/15 04:27, Yosel Lazaro Vera Gonzalez wrote: >> >>> !!!Regards >>> >>> Is it possible to transfer the FSMO roles using ldap? >>> For example I get the schema container object using ldap, then I modify >>> the attribute fSMORoleOwner >>> I change the following value "CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com" >>> by "CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com" >>> >>> Is this operation enough to transfer the schema master role to >>> server2? >>> >>> Why do you want to use ldap? >> is there something wrong with using 'samba-tool fsmo transfer' >> >> Rowland >> >> >> !!!Regards >> There is no problem with samba-tool fsmo transfer >> I'm developing a mini app with a simple UI to transfer roles and I'm >> using ldap. >> >> > It is a bit more involved that what you think, have a look at the code in > fsmo.py (part of samba-tool), it might be easier to get your UI to run > samba-tool instead of ldap. You should also think about 'what if the role > will not transfer?' it really gets involved when it comes to seizing roles, > also you have to transfer the two dns roles differently from the other 5 > roles. > > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 05/10/15 08:52, mathias dufresne wrote:> Note once role transfer is not really instantaneous. Not even on the host > seizing the role. Once the samba-tool fsmo seize command is successful DCs > need times to perform that transfer. > >Role transfer and seizing are done differently, I found this out when I updated fsmo.py to work with all 7 roles. Transferring a role should be done on the DC that holds the role and should be your first attempt at moving a role. You should only try to seize a role if all else has failed. Rowland
Hi Mathias, Thanks for that information. Not knowing it could easily confuse people and make us think the transfer was not successful. regards, John On 05/10/15 18:52, mathias dufresne wrote:> Note once role transfer is not really instantaneous. Not even on the host > seizing the role. Once the samba-tool fsmo seize command is successful DCs > need times to perform that transfer. > > 2015-10-02 21:26 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > >> On 02/10/15 20:09, Yosel Lazaro Vera Gonzalez wrote: >> >>> ----- Mensaje original ----- >>> De: "Rowland Penny" <rowlandpenny241155 at gmail.com> >>> Para: samba at lists.samba.org >>> Enviados: Viernes, 2 de Octubre 2015 3:54:04 >>> Asunto: Re: [Samba] transfer fsmo role using ldap >>> >>> On 02/10/15 04:27, Yosel Lazaro Vera Gonzalez wrote: >>> >>>> !!!Regards >>>> >>>> Is it possible to transfer the FSMO roles using ldap? >>>> For example I get the schema container object using ldap, then I modify >>>> the attribute fSMORoleOwner >>>> I change the following value "CN=NTDS >>>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com" >>>> by "CN=NTDS >>>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com" >>>> >>>> Is this operation enough to transfer the schema master role to >>>> server2? >>>> >>>> Why do you want to use ldap? >>> is there something wrong with using 'samba-tool fsmo transfer' >>> >>> Rowland >>> >>> >>> !!!Regards >>> There is no problem with samba-tool fsmo transfer >>> I'm developing a mini app with a simple UI to transfer roles and I'm >>> using ldap. >>> >>> >> It is a bit more involved that what you think, have a look at the code in >> fsmo.py (part of samba-tool), it might be easier to get your UI to run >> samba-tool instead of ldap. You should also think about 'what if the role >> will not transfer?' it really gets involved when it comes to seizing roles, >> also you have to transfer the two dns roles differently from the other 5 >> roles. >> >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >>