Alright... appreciate the info. Gave it a shot. Domain is still up but
shares are down because they were hosted on FILER which has now been
demoted and is no longer running any samba services.
What I did while following the wiki "Transfer/Seize FSMO Roles":
1) logged on to FILER, ran samba-tool fsmo show, verified all 7 roles were
owned by FILER.
2) logged on to CBADC01, executed samba-tool fsmo transfer --role=all -U
administrator --realm=cb.cliffbells.com which succeeded.
3) ran samba-tool fsmo show again on FILER, verified all 7 roles were now
owned by CBADC01.
4) ran samba-tool drs showrepl on FILER, replication succeded after
transferring fsmo roles.
5) ran samba-tool domain demote -Uadministrator on FILER.
6) shut down samba on FILER, removed smb.conf, removed initscript
7) followed guidelines to cleanup any remaining references to FILER, it
existed in AD Sites and Services, I removed it. I did not delete DNS
references as FILER is critical in this network and must remain accessible.
8) rebooted FILER and CBADC01
Currently AD is allowing users to login to computers, all shares are dead
because FILER isn't providing them and I can't set it up as a Domain
Member
to provide the shares again because CBADC01 is missing 3 of 7 fsmoroleowner
entries. I think I have empty fSMORoleOwner attributes as discussed here:
https://lists.samba.org/archive/samba-technical/2016-January/111516.html
Here's where I'm at:
sudo /usr/local/samba/bin/samba-tool fsmo show
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No
such element'
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 390, in run
infrastructureMaster = get_fsmo_roleowner(samdb, infrastructure_dn)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 42, in get_fsmo_roleowner
master_owner = res[0]["fSMORoleOwner"][0]
sudo /usr/local/samba/bin/samba-tool dbcheck --fix --cross-ncs
Checking 3527 objects
ERROR: fSMORoleOwner not found for role CN=RID
Manager$,CN=System,DC=cb,DC=cliffbells,DC=com
Sieze role CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com onto
current DC by adding fSMORoleOwner=CN=NTDS
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
[y/N/all/none] y
Failed to sieze role CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com
onto current DC by adding fSMORoleOwner=CN=NTDS
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
: (20, 'SINGLE-VALUE attribute fSMORoleOwner on CN=RID
Manager$,CN=System,DC=cb,DC=cliffbells,DC=com specified more than once')
ERROR: fSMORoleOwner not found for role
CN=Infrastructure,DC=cb,DC=cliffbells,DC=com
Sieze role CN=Infrastructure,DC=cb,DC=cliffbells,DC=com onto current DC by
adding fSMORoleOwner=CN=NTDS
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
[y/N/all/none] y
Failed to sieze role CN=Infrastructure,DC=cb,DC=cliffbells,DC=com onto
current DC by adding fSMORoleOwner=CN=NTDS
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
: (20, 'SINGLE-VALUE attribute fSMORoleOwner on
CN=Infrastructure,DC=cb,DC=cliffbells,DC=com specified more than once')
Checked 3527 objects (2 errors)
itwerks at cbadc01:~$ sudo /usr/local/samba/bin/samba-tool fsmo seize
--role=rid --force -U administrator --realm=cb.cliffbells.com
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No
such element'
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 353, in run
self.seize_role(role, samdb, force)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 255, in seize_role
master_owner = get_fsmo_roleowner(samdb, m.dn)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 42, in get_fsmo_roleowner
master_owner = res[0]["fSMORoleOwner"][0]
sudo /usr/local/samba/bin/samba-tool fsmo seize --role=infrastructure
--force -U administrator --realm=cb.cliffbells.com
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No
such element'
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 353, in run
self.seize_role(role, samdb, force)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 255, in seize_role
master_owner = get_fsmo_roleowner(samdb, m.dn)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 42, in get_fsmo_roleowner
master_owner = res[0]["fSMORoleOwner"][0]
sudo /usr/local/samba/bin/samba-tool fsmo seize --role=domaindns --force
-U administrator --realm=cb.cliffbells.com
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No
such element'
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 351, in run
versionopts, force)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 301, in seize_dns_role
master_owner = get_fsmo_roleowner(samdb, m.dn)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 42, in get_fsmo_roleowner
master_owner = res[0]["fSMORoleOwner"][0]
sudo /usr/local/samba/bin/samba-tool fsmo seize --role=forestdns --force -U
administrator --realm=cb.cliffbells.com
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No
such element'
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 351, in run
versionopts, force)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 301, in seize_dns_role
master_owner = get_fsmo_roleowner(samdb, m.dn)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 42, in get_fsmo_roleowner
master_owner = res[0]["fSMORoleOwner"][0]
I guess I need ldiffs for these, client will be down on a Monday.
JS
On Sun, Mar 27, 2016 at 5:02 AM, Rowland penny <rpenny at samba.org>
wrote:
> On 27/03/16 07:25, IT Admin wrote:
>
>> I ran ldbsearch on my sam.ldb
>> I searched for CBADC02, CBADC03, and TESTES (all VMs that fail to join
>> domain), results are below:
>>
>>
>> CBADC02 shows up a few times:
>>
>> # record 1906
>> dn:
>>
>>
CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu$
>> objectClass: top
>> objectClass: server
>> instanceType: 4
>> whenCreated: 20160310044543.0Z
>> uSNCreated: 4215
>> objectGUID: de85228c-f92b-4d5d-9d6a-01c3f915dec9
>> systemFlags: 1375731712
>> dNSHostName: cbadc02.cb.cliffbells.com
>> cn:: Q0JBREMwMgpERUw6ZGU4NTIyOGMtZjkyYi00ZDVkLTlkNmEtMDFjM2Y5MTVkZWM5
>> isDeleted: TRUE
>> name:: Q0JBREMwMgpERUw6ZGU4NTIyOGMtZjkyYi00ZDVkLTlkNmEtMDFjM2Y5MTVkZWM5
>> lastKnownParent:
>> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati
>> on,DC=cb,DC=cliffbells,DC=com
>> isRecycled: TRUE
>> whenChanged: 20160319092438.0Z
>> uSNChanged: 4261
>> distinguishedName:
>> CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Se
>>
>>
rvers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbell
>> s,DC=com
>>
>>
>> # record 2372
>> dn: CN=NTDS
>>
>>
Settings\0ADEL:a5d3b626-e936-4a65-97bc-cade176d1b10,CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec$
>> objectClass: top
>> objectClass: applicationSettings
>> objectClass: nTDSDSA
>> instanceType: 4
>> whenCreated: 20160310044546.0Z
>> uSNCreated: 4214
>> objectGUID: a5d3b626-e936-4a65-97bc-cade176d1b10
>> systemFlags: 33554432
>> cn::
>>
TlREUyBTZXR0aW5ncwpERUw6YTVkM2I2MjYtZTkzNi00YTY1LTk3YmMtY2FkZTE3NmQxYjEw
>> isDeleted: TRUE
>> name::
>> TlREUyBTZXR0aW5ncwpERUw6YTVkM2I2MjYtZTkzNi00YTY1LTk3YmMtY2FkZTE3NmQxYjE
>> w
>> isRecycled: TRUE
>> whenChanged: 20160319092438.0Z
>> uSNChanged: 4259
>> distinguishedName: CN=NTDS
>> Settings\0ADEL:a5d3b626-e936-4a65-97bc-cade176d1b10
>>
>>
,CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-
>> First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
>>
>>
>>
>> # record 3275
>> dn: CN=CBADC02\0ADEL:b34ccfd9-0f88-4f7b-8c00-3296ed92507d,CN=Deleted
>> Objects,DC=cb,DC=cliffbells,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> objectClass: computer
>> instanceType: 4
>> whenCreated: 20160321212014.0Z
>> uSNCreated: 4287
>> objectGUID: b34ccfd9-0f88-4f7b-8c00-3296ed92507d
>> userAccountControl: 4128
>> objectSid: S-1-5-21-2555112579-3841919511-698463993-1602
>> sAMAccountName: CBADC02$
>> isDeleted: TRUE
>> lastKnownParent: OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
>> isRecycled: TRUE
>> cn:: Q0JBREMwMgpERUw6YjM0Y2NmZDktMGY4OC00ZjdiLThjMDAtMzI5NmVkOTI1MDdk
>> name:: Q0JBREMwMgpERUw6YjM0Y2NmZDktMGY4OC00ZjdiLThjMDAtMzI5NmVkOTI1MDdk
>> whenChanged: 20160327050242.0Z
>> uSNChanged: 4293
>> distinguishedName:
>> CN=CBADC02\0ADEL:b34ccfd9-0f88-4f7b-8c00-3296ed92507d,CN=De
>> leted Objects,DC=cb,DC=cliffbells,DC=com
>>
>>
>>
>>
>>
>> # record 3481
>> dn: CN=CBADC02\0ADEL:ec36364c-6f01-4c82-be95-8def84528d9a,CN=Deleted
>> Objects,DC=cb,DC=cliffbells,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> objectClass: computer
>> instanceType: 4
>> whenCreated: 20160310044542.0Z
>> uSNCreated: 4212
>> objectGUID: ec36364c-6f01-4c82-be95-8def84528d9a
>> userAccountControl: 532480
>> objectSid: S-1-5-21-2555112579-3841919511-698463993-1122
>> sAMAccountName: CBADC02$
>> dNSHostName: cbadc02.cb.cliffbells.com
>> cn:: Q0JBREMwMgpERUw6ZWMzNjM2NGMtNmYwMS00YzgyLWJlOTUtOGRlZjg0NTI4ZDlh
>> whenChanged: 20160318045619.0Z
>> isDeleted: TRUE
>> uSNChanged: 4253
>> name:: Q0JBREMwMgpERUw6ZWMzNjM2NGMtNmYwMS00YzgyLWJlOTUtOGRlZjg0NTI4ZDlh
>> lastKnownParent: OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
>> isRecycled: TRUE
>> distinguishedName:
>> CN=CBADC02\0ADEL:ec36364c-6f01-4c82-be95-8def84528d9a,CN=De
>> leted Objects,DC=cb,DC=cliffbells,DC=com
>>
>>
>>
>>
>>
>>
>>
>>
>> CBADC03 is there once:
>>
>>
>>
>> # record 3431
>> dn:
>>
>>
CN=CBADC03\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5,CN=Deleted
>> Obje$
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> objectClass: computer
>> instanceType: 4
>> whenCreated: 20160321211933.0Z
>> uSNCreated: 4286
>> objectGUID: 0d3362c2-c153-415e-b077-0772a61b96b5
>> userAccountControl: 4128
>> objectSid: S-1-5-21-2555112579-3841919511-698463993-1601
>> sAMAccountName: CBADC03$
>> isDeleted: TRUE
>> lastKnownParent: CN=LostAndFound,DC=cb,DC=cliffbells,DC=com
>> isRecycled: TRUE
>> cn::
>>
Q0JBREMwMwpERUw6MGQzMzYyYzItYzE1My00MTVlLWIwNzctMDc3MmE2MWI5NmI1CkRFTDowZ
>> DMzNjJjMi1jMTUzLTQxNWUtYjA3Ny0wNzcyYTYxYjk2YjU>> name::
>> Q0JBREMwMwpERUw6MGQzMzYyYzItYzE1My00MTVlLWIwNzctMDc3MmE2MWI5NmI1CkRFTDo
>> wZDMzNjJjMi1jMTUzLTQxNWUtYjA3Ny0wNzcyYTYxYjk2YjU>> whenChanged:
20160327050527.0Z
>> uSNChanged: 4294
>> distinguishedName:
>> CN=CBADC03\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5\0ADEL
>> :0d3362c2-c153-415e-b077-0772a61b96b5,CN=Deleted
>> Objects,DC=cb,DC=cliffbells,
>> DC=com
>>
>>
>>
>> TESTES is nowhere to be found and still fails due to ObjectSID. I
don't
>> understand how that is even possible. I also manually inspected ADUC,
>> ADSS, ADSIEdit and DNS in RSAT for both of my live DCs (FILER &
CBADC01)
>> and removed all references to CBADC02 & CBADC03. Replication
between
>> FILER
>> and CBADC01 is successful. RSync replication of sysvol from FILER to
>> CBADC01 is running via cron.
>>
>> I am spun. I've been banging my head against Samba since
12/17/2015.
>> Please advise, I need to get these VMs joined to the domain so I can
sieze
>> FSMO roles off of FILER so I don't have to keep restoring this
>> ^&*(@^#()*&^
>> database every 36 hours.
>>
>>
>> JS
>>
>>
> OK, so you cannot join another DC and you have to keep restoring every 36
> hours, doesn't this tell you something ?
>
> It looks like the database you keep restoring is badly corrupted, you
> should also be aware that you shouldn't restore a DC if another DC in
the
> domain is running.
>
> Are 'FILER' and 'CBADC01' joined ?
> If so, is 'FILER' the only database that is giving problems ?
> If so, then I think your best option is to seize all the fsmo roles to
> 'CBADC01', turn off 'FILER' and then try to join a new DC
to 'CBADC01'
>
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
On 28/03/16 09:09, IT Admin wrote:> Alright... appreciate the info. Gave it a shot. Domain is still up > but shares are down because they were hosted on FILER which has now > been demoted and is no longer running any samba services. > > What I did while following the wiki "Transfer/Seize FSMO Roles": > > 1) logged on to FILER, ran samba-tool fsmo show, verified all 7 roles > were owned by FILER. > > 2) logged on to CBADC01, executed samba-tool fsmo transfer --role=all > -U administrator --realm=cb.cliffbells.com <http://cb.cliffbells.com> > which succeeded. > > 3) ran samba-tool fsmo show again on FILER, verified all 7 roles were > now owned by CBADC01. > > 4) ran samba-tool drs showrepl on FILER, replication succeded after > transferring fsmo roles. > > 5) ran samba-tool domain demote -Uadministrator on FILER. > > 6) shut down samba on FILER, removed smb.conf, removed initscript > > 7) followed guidelines to cleanup any remaining references to FILER, > it existed in AD Sites and Services, I removed it. I did not delete > DNS references as FILER is critical in this network and must remain > accessible. > > 8) rebooted FILER and CBADC01 > > > Currently AD is allowing users to login to computers, all shares are > dead because FILER isn't providing them and I can't set it up as a > Domain Member to provide the shares again because CBADC01 is missing 3 > of 7 fsmoroleowner entries. I think I have empty fSMORoleOwner > attributes//as discussed here: > https://lists.samba.org/archive/samba-technical/2016-January/111516.html > > > Here's where I'm at: > > sudo /usr/local/samba/bin/samba-tool fsmo show > ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such > element' > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 390, in run > infrastructureMaster = get_fsmo_roleowner(samdb, infrastructure_dn) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 42, in get_fsmo_roleowner > master_owner = res[0]["fSMORoleOwner"][0] > > > sudo /usr/local/samba/bin/samba-tool dbcheck --fix --cross-ncs > Checking 3527 objects > ERROR: fSMORoleOwner not found for role CN=RID > Manager$,CN=System,DC=cb,DC=cliffbells,DC=com > Sieze role CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com onto > current DC by adding fSMORoleOwner=CN=NTDS > Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com > [y/N/all/none] y > Failed to sieze role CN=RID > Manager$,CN=System,DC=cb,DC=cliffbells,DC=com onto current DC by > adding fSMORoleOwner=CN=NTDS > Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com > : (20, 'SINGLE-VALUE attribute fSMORoleOwner on CN=RID > Manager$,CN=System,DC=cb,DC=cliffbells,DC=com specified more than once') > ERROR: fSMORoleOwner not found for role > CN=Infrastructure,DC=cb,DC=cliffbells,DC=com > Sieze role CN=Infrastructure,DC=cb,DC=cliffbells,DC=com onto current > DC by adding fSMORoleOwner=CN=NTDS > Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com > [y/N/all/none] y > Failed to sieze role CN=Infrastructure,DC=cb,DC=cliffbells,DC=com onto > current DC by adding fSMORoleOwner=CN=NTDS > Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com > : (20, 'SINGLE-VALUE attribute fSMORoleOwner on > CN=Infrastructure,DC=cb,DC=cliffbells,DC=com specified more than once') > Checked 3527 objects (2 errors) > > > itwerks at cbadc01:~$ sudo /usr/local/samba/bin/samba-tool fsmo seize > --role=rid --force -U administrator --realm=cb.cliffbells.com > <http://cb.cliffbells.com> > ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such > element' > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 353, in run > self.seize_role(role, samdb, force) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 255, in seize_role > master_owner = get_fsmo_roleowner(samdb, m.dn) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 42, in get_fsmo_roleowner > master_owner = res[0]["fSMORoleOwner"][0] > > sudo /usr/local/samba/bin/samba-tool fsmo seize --role=infrastructure > --force -U administrator --realm=cb.cliffbells.com > <http://cb.cliffbells.com> > ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such > element' > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 353, in run > self.seize_role(role, samdb, force) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 255, in seize_role > master_owner = get_fsmo_roleowner(samdb, m.dn) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 42, in get_fsmo_roleowner > master_owner = res[0]["fSMORoleOwner"][0] > > > sudo /usr/local/samba/bin/samba-tool fsmo seize --role=domaindns > --force -U administrator --realm=cb.cliffbells.com > <http://cb.cliffbells.com> > ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such > element' > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 351, in run > versionopts, force) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 301, in seize_dns_role > master_owner = get_fsmo_roleowner(samdb, m.dn) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 42, in get_fsmo_roleowner > master_owner = res[0]["fSMORoleOwner"][0] > > > sudo /usr/local/samba/bin/samba-tool fsmo seize --role=forestdns > --force -U administrator --realm=cb.cliffbells.com > <http://cb.cliffbells.com> > ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such > element' > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 351, in run > versionopts, force) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 301, in seize_dns_role > master_owner = get_fsmo_roleowner(samdb, m.dn) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py", > line 42, in get_fsmo_roleowner > master_owner = res[0]["fSMORoleOwner"][0] > > > I guess I need ldiffs for these, client will be down on a Monday. > > > JS > > On Sun, Mar 27, 2016 at 5:02 AM, Rowland penny <rpenny at samba.org > <mailto:rpenny at samba.org>> wrote: > > On 27/03/16 07:25, IT Admin wrote: > > I ran ldbsearch on my sam.ldb > I searched for CBADC02, CBADC03, and TESTES (all VMs that fail > to join > domain), results are below: > > > CBADC02 shows up a few times: > > # record 1906 > dn: > CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu$ > objectClass: top > objectClass: server > instanceType: 4 > whenCreated: 20160310044543.0Z > uSNCreated: 4215 > objectGUID: de85228c-f92b-4d5d-9d6a-01c3f915dec9 > systemFlags: 1375731712 > dNSHostName: cbadc02.cb.cliffbells.com > <http://cbadc02.cb.cliffbells.com> > cn:: > Q0JBREMwMgpERUw6ZGU4NTIyOGMtZjkyYi00ZDVkLTlkNmEtMDFjM2Y5MTVkZWM5 > isDeleted: TRUE > name:: > Q0JBREMwMgpERUw6ZGU4NTIyOGMtZjkyYi00ZDVkLTlkNmEtMDFjM2Y5MTVkZWM5 > lastKnownParent: > CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati > on,DC=cb,DC=cliffbells,DC=com > isRecycled: TRUE > whenChanged: 20160319092438.0Z > uSNChanged: 4261 > distinguishedName: > CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Se > rvers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbell > s,DC=com > > > # record 2372 > dn: CN=NTDS > Settings\0ADEL:a5d3b626-e936-4a65-97bc-cade176d1b10,CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec$ > objectClass: top > objectClass: applicationSettings > objectClass: nTDSDSA > instanceType: 4 > whenCreated: 20160310044546.0Z > uSNCreated: 4214 > objectGUID: a5d3b626-e936-4a65-97bc-cade176d1b10 > systemFlags: 33554432 > cn:: > TlREUyBTZXR0aW5ncwpERUw6YTVkM2I2MjYtZTkzNi00YTY1LTk3YmMtY2FkZTE3NmQxYjEw > isDeleted: TRUE > name:: > TlREUyBTZXR0aW5ncwpERUw6YTVkM2I2MjYtZTkzNi00YTY1LTk3YmMtY2FkZTE3NmQxYjE > w > isRecycled: TRUE > whenChanged: 20160319092438.0Z > uSNChanged: 4259 > distinguishedName: CN=NTDS > Settings\0ADEL:a5d3b626-e936-4a65-97bc-cade176d1b10 > ,CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default- > First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com > > > > # record 3275 > dn: > CN=CBADC02\0ADEL:b34ccfd9-0f88-4f7b-8c00-3296ed92507d,CN=Deleted > Objects,DC=cb,DC=cliffbells,DC=com > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > objectClass: computer > instanceType: 4 > whenCreated: 20160321212014.0Z > uSNCreated: 4287 > objectGUID: b34ccfd9-0f88-4f7b-8c00-3296ed92507d > userAccountControl: 4128 > objectSid: S-1-5-21-2555112579-3841919511-698463993-1602 > sAMAccountName: CBADC02$ > isDeleted: TRUE > lastKnownParent: OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com > isRecycled: TRUE > cn:: > Q0JBREMwMgpERUw6YjM0Y2NmZDktMGY4OC00ZjdiLThjMDAtMzI5NmVkOTI1MDdk > name:: > Q0JBREMwMgpERUw6YjM0Y2NmZDktMGY4OC00ZjdiLThjMDAtMzI5NmVkOTI1MDdk > whenChanged: 20160327050242.0Z > uSNChanged: 4293 > distinguishedName: > CN=CBADC02\0ADEL:b34ccfd9-0f88-4f7b-8c00-3296ed92507d,CN=De > leted Objects,DC=cb,DC=cliffbells,DC=com > > > > > > # record 3481 > dn: > CN=CBADC02\0ADEL:ec36364c-6f01-4c82-be95-8def84528d9a,CN=Deleted > Objects,DC=cb,DC=cliffbells,DC=com > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > objectClass: computer > instanceType: 4 > whenCreated: 20160310044542.0Z > uSNCreated: 4212 > objectGUID: ec36364c-6f01-4c82-be95-8def84528d9a > userAccountControl: 532480 > objectSid: S-1-5-21-2555112579-3841919511-698463993-1122 > sAMAccountName: CBADC02$ > dNSHostName: cbadc02.cb.cliffbells.com > <http://cbadc02.cb.cliffbells.com> > cn:: > Q0JBREMwMgpERUw6ZWMzNjM2NGMtNmYwMS00YzgyLWJlOTUtOGRlZjg0NTI4ZDlh > whenChanged: 20160318045619.0Z > isDeleted: TRUE > uSNChanged: 4253 > name:: > Q0JBREMwMgpERUw6ZWMzNjM2NGMtNmYwMS00YzgyLWJlOTUtOGRlZjg0NTI4ZDlh > lastKnownParent: OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com > isRecycled: TRUE > distinguishedName: > CN=CBADC02\0ADEL:ec36364c-6f01-4c82-be95-8def84528d9a,CN=De > leted Objects,DC=cb,DC=cliffbells,DC=com > > > > > > > > > CBADC03 is there once: > > > > # record 3431 > dn: > CN=CBADC03\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5,CN=Deleted > Obje$ > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > objectClass: computer > instanceType: 4 > whenCreated: 20160321211933.0Z > uSNCreated: 4286 > objectGUID: 0d3362c2-c153-415e-b077-0772a61b96b5 > userAccountControl: 4128 > objectSid: S-1-5-21-2555112579-3841919511-698463993-1601 > sAMAccountName: CBADC03$ > isDeleted: TRUE > lastKnownParent: CN=LostAndFound,DC=cb,DC=cliffbells,DC=com > isRecycled: TRUE > cn:: > Q0JBREMwMwpERUw6MGQzMzYyYzItYzE1My00MTVlLWIwNzctMDc3MmE2MWI5NmI1CkRFTDowZ > DMzNjJjMi1jMTUzLTQxNWUtYjA3Ny0wNzcyYTYxYjk2YjU> name:: > Q0JBREMwMwpERUw6MGQzMzYyYzItYzE1My00MTVlLWIwNzctMDc3MmE2MWI5NmI1CkRFTDo > wZDMzNjJjMi1jMTUzLTQxNWUtYjA3Ny0wNzcyYTYxYjk2YjU> whenChanged: 20160327050527.0Z > uSNChanged: 4294 > distinguishedName: > CN=CBADC03\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5\0ADEL > :0d3362c2-c153-415e-b077-0772a61b96b5,CN=Deleted > Objects,DC=cb,DC=cliffbells, > DC=com > > > > TESTES is nowhere to be found and still fails due to > ObjectSID. I don't > understand how that is even possible. I also manually > inspected ADUC, > ADSS, ADSIEdit and DNS in RSAT for both of my live DCs (FILER > & CBADC01) > and removed all references to CBADC02 & CBADC03. Replication > between FILER > and CBADC01 is successful. RSync replication of sysvol from > FILER to > CBADC01 is running via cron. > > I am spun. I've been banging my head against Samba since > 12/17/2015. > Please advise, I need to get these VMs joined to the domain so > I can sieze > FSMO roles off of FILER so I don't have to keep restoring this > ^&*(@^#()*&^ > database every 36 hours. > > > JS > > > OK, so you cannot join another DC and you have to keep restoring > every 36 hours, doesn't this tell you something ? > > It looks like the database you keep restoring is badly corrupted, > you should also be aware that you shouldn't restore a DC if > another DC in the domain is running. > > Are 'FILER' and 'CBADC01' joined ? > If so, is 'FILER' the only database that is giving problems ? > If so, then I think your best option is to seize all the fsmo > roles to 'CBADC01', turn off 'FILER' and then try to join a new DC > to 'CBADC01' > > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >Strange, you cannot seize the role because it already exists, try running this: ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb '(fsmoroleowner=*)' | grep 'dn:' | sed 's|dn: ||' This should show all the DNs that have a 'fSMORoleOwner' attribute. Have you tried running 'samba-tool fsmo seize --force --role=all -UAdministrator --password=ADMINISTRATORPASSWORD' on the DC Rowland
Sorry, I meant to include the command you sent in my last message, I had
executed it while troubleshooting...
:~$ sudo /usr/local/samba/bin/ldbsearch --cross-ncs -H
/usr/local/samba/private/sam.ldb '(fsmoroleowner=*)' | grep
'dn:' | sed
's|dn: ||'
CN=Schema,CN=Configuration,DC=cb,DC=cliffbells,DC=com
CN=Partitions,CN=Configuration,DC=cb,DC=cliffbells,DC=com
CN=Infrastructure,DC=DomainDnsZones,DC=cb,DC=cliffbells,DC=com
CN=Infrastructure,DC=ForestDnsZones,DC=cb,DC=cliffbells,DC=com
CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com
DC=cb,DC=cliffbells,DC=com
CN=Infrastructure,DC=cb,DC=cliffbells,DC=com
I have tried to seize role=all --force...
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No
such element'
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 339, in run
self.seize_role("rid", samdb, force)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 255, in seize_role
master_owner = get_fsmo_roleowner(samdb, m.dn)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 42, in get_fsmo_roleowner
master_owner = res[0]["fSMORoleOwner"][0]
I found another thread about the issue:
http://www.spinics.net/lists/samba/msg131164.html
I'm in a bit over my head, any help is greatly appreciated.
JS
On Mar 28, 2016 4:46 AM, "Rowland penny" <rpenny at samba.org>
wrote:
> On 28/03/16 09:09, IT Admin wrote:
>
> Alright... appreciate the info. Gave it a shot. Domain is still up but
> shares are down because they were hosted on FILER which has now been
> demoted and is no longer running any samba services.
>
> What I did while following the wiki "Transfer/Seize FSMO Roles":
>
> 1) logged on to FILER, ran samba-tool fsmo show, verified all 7 roles were
> owned by FILER.
>
> 2) logged on to CBADC01, executed samba-tool fsmo transfer --role=all -U
> administrator --realm=cb.cliffbells.com which succeeded.
>
> 3) ran samba-tool fsmo show again on FILER, verified all 7 roles were now
> owned by CBADC01.
>
> 4) ran samba-tool drs showrepl on FILER, replication succeded after
> transferring fsmo roles.
>
> 5) ran samba-tool domain demote -Uadministrator on FILER.
>
> 6) shut down samba on FILER, removed smb.conf, removed initscript
>
> 7) followed guidelines to cleanup any remaining references to FILER, it
> existed in AD Sites and Services, I removed it. I did not delete DNS
> references as FILER is critical in this network and must remain accessible.
>
> 8) rebooted FILER and CBADC01
>
>
> Currently AD is allowing users to login to computers, all shares are dead
> because FILER isn't providing them and I can't set it up as a
Domain Member
> to provide the shares again because CBADC01 is missing 3 of 7 fsmoroleowner
> entries. I think I have empty fSMORoleOwner attributes as discussed
> here:
> https://lists.samba.org/archive/samba-technical/2016-January/111516.html
>
>
> Here's where I'm at:
>
> sudo /usr/local/samba/bin/samba-tool fsmo show
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such element'
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 390, in run
> infrastructureMaster = get_fsmo_roleowner(samdb, infrastructure_dn)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 42, in get_fsmo_roleowner
> master_owner = res[0]["fSMORoleOwner"][0]
>
>
> sudo /usr/local/samba/bin/samba-tool dbcheck --fix --cross-ncs
> Checking 3527 objects
> ERROR: fSMORoleOwner not found for role CN=RID
> Manager$,CN=System,DC=cb,DC=cliffbells,DC=com
> Sieze role CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com onto
> current DC by adding fSMORoleOwner=CN=NTDS
>
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
> [y/N/all/none] y
> Failed to sieze role CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com
> onto current DC by adding fSMORoleOwner=CN=NTDS
>
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
> : (20, 'SINGLE-VALUE attribute fSMORoleOwner on CN=RID
> Manager$,CN=System,DC=cb,DC=cliffbells,DC=com specified more than
once')
> ERROR: fSMORoleOwner not found for role
> CN=Infrastructure,DC=cb,DC=cliffbells,DC=com
> Sieze role CN=Infrastructure,DC=cb,DC=cliffbells,DC=com onto current DC by
> adding fSMORoleOwner=CN=NTDS
>
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
> [y/N/all/none] y
> Failed to sieze role CN=Infrastructure,DC=cb,DC=cliffbells,DC=com onto
> current DC by adding fSMORoleOwner=CN=NTDS
>
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
> : (20, 'SINGLE-VALUE attribute fSMORoleOwner on
> CN=Infrastructure,DC=cb,DC=cliffbells,DC=com specified more than once')
> Checked 3527 objects (2 errors)
>
>
> itwerks at cbadc01:~$ sudo /usr/local/samba/bin/samba-tool fsmo seize
> --role=rid --force -U administrator --realm=cb.cliffbells.com
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such element'
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 353, in run
> self.seize_role(role, samdb, force)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 255, in seize_role
> master_owner = get_fsmo_roleowner(samdb, m.dn)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 42, in get_fsmo_roleowner
> master_owner = res[0]["fSMORoleOwner"][0]
>
> sudo /usr/local/samba/bin/samba-tool fsmo seize --role=infrastructure
> --force -U administrator --realm=cb.cliffbells.com
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such element'
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 353, in run
> self.seize_role(role, samdb, force)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 255, in seize_role
> master_owner = get_fsmo_roleowner(samdb, m.dn)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 42, in get_fsmo_roleowner
> master_owner = res[0]["fSMORoleOwner"][0]
>
>
> sudo /usr/local/samba/bin/samba-tool fsmo seize --role=domaindns --force
> -U administrator --realm=cb.cliffbells.com
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such element'
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 351, in run
> versionopts, force)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 301, in seize_dns_role
> master_owner = get_fsmo_roleowner(samdb, m.dn)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 42, in get_fsmo_roleowner
> master_owner = res[0]["fSMORoleOwner"][0]
>
>
> sudo /usr/local/samba/bin/samba-tool fsmo seize --role=forestdns --force
> -U administrator --realm=cb.cliffbells.com
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such element'
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 351, in run
> versionopts, force)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 301, in seize_dns_role
> master_owner = get_fsmo_roleowner(samdb, m.dn)
> File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 42, in get_fsmo_roleowner
> master_owner = res[0]["fSMORoleOwner"][0]
>
>
> I guess I need ldiffs for these, client will be down on a Monday.
>
>
> JS
>
> On Sun, Mar 27, 2016 at 5:02 AM, Rowland penny <rpenny at samba.org>
wrote:
>
>> On 27/03/16 07:25, IT Admin wrote:
>>
>>> I ran ldbsearch on my sam.ldb
>>> I searched for CBADC02, CBADC03, and TESTES (all VMs that fail to
join
>>> domain), results are below:
>>>
>>>
>>> CBADC02 shows up a few times:
>>>
>>> # record 1906
>>> dn:
>>>
>>>
CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu$
>>> objectClass: top
>>> objectClass: server
>>> instanceType: 4
>>> whenCreated: 20160310044543.0Z
>>> uSNCreated: 4215
>>> objectGUID: de85228c-f92b-4d5d-9d6a-01c3f915dec9
>>> systemFlags: 1375731712
>>> dNSHostName: cbadc02.cb.cliffbells.com
>>> cn::
Q0JBREMwMgpERUw6ZGU4NTIyOGMtZjkyYi00ZDVkLTlkNmEtMDFjM2Y5MTVkZWM5
>>> isDeleted: TRUE
>>> name::
Q0JBREMwMgpERUw6ZGU4NTIyOGMtZjkyYi00ZDVkLTlkNmEtMDFjM2Y5MTVkZWM5
>>> lastKnownParent:
>>> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati
>>> on,DC=cb,DC=cliffbells,DC=com
>>> isRecycled: TRUE
>>> whenChanged: 20160319092438.0Z
>>> uSNChanged: 4261
>>> distinguishedName:
>>> CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Se
>>>
>>>
rvers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbell
>>> s,DC=com
>>>
>>>
>>> # record 2372
>>> dn: CN=NTDS
>>>
>>>
Settings\0ADEL:a5d3b626-e936-4a65-97bc-cade176d1b10,CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec$
>>> objectClass: top
>>> objectClass: applicationSettings
>>> objectClass: nTDSDSA
>>> instanceType: 4
>>> whenCreated: 20160310044546.0Z
>>> uSNCreated: 4214
>>> objectGUID: a5d3b626-e936-4a65-97bc-cade176d1b10
>>> systemFlags: 33554432
>>> cn::
>>>
TlREUyBTZXR0aW5ncwpERUw6YTVkM2I2MjYtZTkzNi00YTY1LTk3YmMtY2FkZTE3NmQxYjEw
>>> isDeleted: TRUE
>>> name::
>>>
TlREUyBTZXR0aW5ncwpERUw6YTVkM2I2MjYtZTkzNi00YTY1LTk3YmMtY2FkZTE3NmQxYjE
>>> w
>>> isRecycled: TRUE
>>> whenChanged: 20160319092438.0Z
>>> uSNChanged: 4259
>>> distinguishedName: CN=NTDS
>>> Settings\0ADEL:a5d3b626-e936-4a65-97bc-cade176d1b10
>>>
>>>
,CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-
>>>
First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
>>>
>>>
>>>
>>> # record 3275
>>> dn:
CN=CBADC02\0ADEL:b34ccfd9-0f88-4f7b-8c00-3296ed92507d,CN=Deleted
>>> Objects,DC=cb,DC=cliffbells,DC=com
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: user
>>> objectClass: computer
>>> instanceType: 4
>>> whenCreated: 20160321212014.0Z
>>> uSNCreated: 4287
>>> objectGUID: b34ccfd9-0f88-4f7b-8c00-3296ed92507d
>>> userAccountControl: 4128
>>> objectSid: S-1-5-21-2555112579-3841919511-698463993-1602
>>> sAMAccountName: CBADC02$
>>> isDeleted: TRUE
>>> lastKnownParent: OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
>>> isRecycled: TRUE
>>> cn::
Q0JBREMwMgpERUw6YjM0Y2NmZDktMGY4OC00ZjdiLThjMDAtMzI5NmVkOTI1MDdk
>>> name::
Q0JBREMwMgpERUw6YjM0Y2NmZDktMGY4OC00ZjdiLThjMDAtMzI5NmVkOTI1MDdk
>>> whenChanged: 20160327050242.0Z
>>> uSNChanged: 4293
>>> distinguishedName:
>>> CN=CBADC02\0ADEL:b34ccfd9-0f88-4f7b-8c00-3296ed92507d,CN=De
>>> leted Objects,DC=cb,DC=cliffbells,DC=com
>>>
>>>
>>>
>>>
>>>
>>> # record 3481
>>> dn:
CN=CBADC02\0ADEL:ec36364c-6f01-4c82-be95-8def84528d9a,CN=Deleted
>>> Objects,DC=cb,DC=cliffbells,DC=com
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: user
>>> objectClass: computer
>>> instanceType: 4
>>> whenCreated: 20160310044542.0Z
>>> uSNCreated: 4212
>>> objectGUID: ec36364c-6f01-4c82-be95-8def84528d9a
>>> userAccountControl: 532480
>>> objectSid: S-1-5-21-2555112579-3841919511-698463993-1122
>>> sAMAccountName: CBADC02$
>>> dNSHostName: cbadc02.cb.cliffbells.com
>>> cn::
Q0JBREMwMgpERUw6ZWMzNjM2NGMtNmYwMS00YzgyLWJlOTUtOGRlZjg0NTI4ZDlh
>>> whenChanged: 20160318045619.0Z
>>> isDeleted: TRUE
>>> uSNChanged: 4253
>>> name::
Q0JBREMwMgpERUw6ZWMzNjM2NGMtNmYwMS00YzgyLWJlOTUtOGRlZjg0NTI4ZDlh
>>> lastKnownParent: OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
>>> isRecycled: TRUE
>>> distinguishedName:
>>> CN=CBADC02\0ADEL:ec36364c-6f01-4c82-be95-8def84528d9a,CN=De
>>> leted Objects,DC=cb,DC=cliffbells,DC=com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> CBADC03 is there once:
>>>
>>>
>>>
>>> # record 3431
>>> dn:
>>>
>>>
CN=CBADC03\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5,CN=Deleted
>>> Obje$
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: user
>>> objectClass: computer
>>> instanceType: 4
>>> whenCreated: 20160321211933.0Z
>>> uSNCreated: 4286
>>> objectGUID: 0d3362c2-c153-415e-b077-0772a61b96b5
>>> userAccountControl: 4128
>>> objectSid: S-1-5-21-2555112579-3841919511-698463993-1601
>>> sAMAccountName: CBADC03$
>>> isDeleted: TRUE
>>> lastKnownParent: CN=LostAndFound,DC=cb,DC=cliffbells,DC=com
>>> isRecycled: TRUE
>>> cn::
>>>
Q0JBREMwMwpERUw6MGQzMzYyYzItYzE1My00MTVlLWIwNzctMDc3MmE2MWI5NmI1CkRFTDowZ
>>> DMzNjJjMi1jMTUzLTQxNWUtYjA3Ny0wNzcyYTYxYjk2YjU>>> name::
>>>
Q0JBREMwMwpERUw6MGQzMzYyYzItYzE1My00MTVlLWIwNzctMDc3MmE2MWI5NmI1CkRFTDo
>>> wZDMzNjJjMi1jMTUzLTQxNWUtYjA3Ny0wNzcyYTYxYjk2YjU>>>
whenChanged: 20160327050527.0Z
>>> uSNChanged: 4294
>>> distinguishedName:
>>> CN=CBADC03\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5\0ADEL
>>> :0d3362c2-c153-415e-b077-0772a61b96b5,CN=Deleted
>>> Objects,DC=cb,DC=cliffbells,
>>> DC=com
>>>
>>>
>>>
>>> TESTES is nowhere to be found and still fails due to ObjectSID.
I
>>> don't
>>> understand how that is even possible. I also manually inspected
ADUC,
>>> ADSS, ADSIEdit and DNS in RSAT for both of my live DCs (FILER &
CBADC01)
>>> and removed all references to CBADC02 & CBADC03. Replication
between
>>> FILER
>>> and CBADC01 is successful. RSync replication of sysvol from FILER
to
>>> CBADC01 is running via cron.
>>>
>>> I am spun. I've been banging my head against Samba since
12/17/2015.
>>> Please advise, I need to get these VMs joined to the domain so I
can
>>> sieze
>>> FSMO roles off of FILER so I don't have to keep restoring this
>>> ^&*(@^#()*&^
>>> database every 36 hours.
>>>
>>>
>>> JS
>>>
>>>
>> OK, so you cannot join another DC and you have to keep restoring every
36
>> hours, doesn't this tell you something ?
>>
>> It looks like the database you keep restoring is badly corrupted, you
>> should also be aware that you shouldn't restore a DC if another DC
in the
>> domain is running.
>>
>> Are 'FILER' and 'CBADC01' joined ?
>> If so, is 'FILER' the only database that is giving problems ?
>> If so, then I think your best option is to seize all the fsmo roles to
>> 'CBADC01', turn off 'FILER' and then try to join a new
DC to 'CBADC01'
>>
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
> Strange, you cannot seize the role because it already exists, try running
> this:
>
> ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb
> '(fsmoroleowner=*)' | grep 'dn:' | sed 's|dn: ||'
>
> This should show all the DNs that have a 'fSMORoleOwner' attribute.
>
> Have you tried running
> 'samba-tool fsmo seize --force --role=all -UAdministrator
> --password=ADMINISTRATORPASSWORD'
> on the DC
>
> Rowland
>