thr3ads.net - samba - [Samba] Unable to join DC to domain [Mar 2016]

If this information is useful, please help other people find it:
Share via:

IT Admin

2016-Mar-28 09:00 UTC

[Samba] Unable to join DC to domain

Sorry, I meant to include the command you sent in my last message, I had
executed it while troubleshooting...

:~$ sudo /usr/local/samba/bin/ldbsearch --cross-ncs -H
/usr/local/samba/private/sam.ldb '(fsmoroleowner=*)' | grep
'dn:' | sed
's|dn: ||'

CN=Schema,CN=Configuration,DC=cb,DC=cliffbells,DC=com
CN=Partitions,CN=Configuration,DC=cb,DC=cliffbells,DC=com
CN=Infrastructure,DC=DomainDnsZones,DC=cb,DC=cliffbells,DC=com
CN=Infrastructure,DC=ForestDnsZones,DC=cb,DC=cliffbells,DC=com
CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com
DC=cb,DC=cliffbells,DC=com
CN=Infrastructure,DC=cb,DC=cliffbells,DC=com

I have tried to seize role=all --force...

ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No
such element'
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 339, in run
    self.seize_role("rid", samdb, force)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 255, in seize_role
    master_owner = get_fsmo_roleowner(samdb, m.dn)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 42, in get_fsmo_roleowner
    master_owner = res[0]["fSMORoleOwner"][0]

I found another thread about the issue:
http://www.spinics.net/lists/samba/msg131164.html

I'm in a bit over my head, any help is greatly appreciated.

JS
On Mar 28, 2016 4:46 AM, "Rowland penny" <rpenny at samba.org>
wrote:
> On 28/03/16 09:09, IT Admin wrote:
>
> Alright... appreciate the info.  Gave it a shot.  Domain is still up but
> shares are down because they were hosted on FILER which has now been
> demoted and is no longer running any samba services.
>
> What I did while following the wiki "Transfer/Seize FSMO Roles":
>
> 1) logged on to FILER, ran samba-tool fsmo show, verified all 7 roles were
> owned by FILER.
>
> 2) logged on to CBADC01, executed samba-tool fsmo transfer --role=all -U
> administrator --realm=cb.cliffbells.com which succeeded.
>
> 3) ran samba-tool fsmo show again on FILER, verified all 7 roles were now
> owned by CBADC01.
>
> 4) ran samba-tool drs showrepl on FILER, replication succeded after
> transferring fsmo roles.
>
> 5) ran samba-tool domain demote -Uadministrator on FILER.
>
> 6) shut down samba on FILER, removed smb.conf, removed initscript
>
> 7) followed guidelines to cleanup any remaining references to FILER, it
> existed in AD Sites and Services, I removed it.  I did not delete DNS
> references as FILER is critical in this network and must remain accessible.
>
> 8) rebooted FILER and CBADC01
>
>
> Currently AD is allowing users to login to computers, all shares are dead
> because FILER isn't providing them and I can't set it up as a
Domain Member
> to provide the shares again because CBADC01 is missing 3 of 7 fsmoroleowner
> entries.  I think I have empty fSMORoleOwner attributes as discussed
> here:
> https://lists.samba.org/archive/samba-technical/2016-January/111516.html
>
>
> Here's where I'm at:
>
> sudo /usr/local/samba/bin/samba-tool fsmo show
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such element'
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 390, in run
>     infrastructureMaster = get_fsmo_roleowner(samdb, infrastructure_dn)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 42, in get_fsmo_roleowner
>     master_owner = res[0]["fSMORoleOwner"][0]
>
>
> sudo /usr/local/samba/bin/samba-tool dbcheck --fix --cross-ncs
> Checking 3527 objects
> ERROR: fSMORoleOwner not found for role CN=RID
> Manager$,CN=System,DC=cb,DC=cliffbells,DC=com
> Sieze role CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com onto
> current DC by adding fSMORoleOwner=CN=NTDS
>
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
> [y/N/all/none] y
> Failed to sieze role CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com
> onto current DC by adding fSMORoleOwner=CN=NTDS
>
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
> : (20, 'SINGLE-VALUE attribute fSMORoleOwner on CN=RID
> Manager$,CN=System,DC=cb,DC=cliffbells,DC=com specified more than
once')
> ERROR: fSMORoleOwner not found for role
> CN=Infrastructure,DC=cb,DC=cliffbells,DC=com
> Sieze role CN=Infrastructure,DC=cb,DC=cliffbells,DC=com onto current DC by
> adding fSMORoleOwner=CN=NTDS
>
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
> [y/N/all/none] y
> Failed to sieze role CN=Infrastructure,DC=cb,DC=cliffbells,DC=com onto
> current DC by adding fSMORoleOwner=CN=NTDS
>
Settings,CN=CBADC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
> : (20, 'SINGLE-VALUE attribute fSMORoleOwner on
> CN=Infrastructure,DC=cb,DC=cliffbells,DC=com specified more than once')
> Checked 3527 objects (2 errors)
>
>
> itwerks at cbadc01:~$ sudo /usr/local/samba/bin/samba-tool fsmo seize
> --role=rid --force -U administrator --realm=cb.cliffbells.com
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such element'
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 353, in run
>     self.seize_role(role, samdb, force)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 255, in seize_role
>     master_owner = get_fsmo_roleowner(samdb, m.dn)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 42, in get_fsmo_roleowner
>     master_owner = res[0]["fSMORoleOwner"][0]
>
> sudo /usr/local/samba/bin/samba-tool fsmo seize --role=infrastructure
> --force -U administrator --realm=cb.cliffbells.com
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such element'
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 353, in run
>     self.seize_role(role, samdb, force)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 255, in seize_role
>     master_owner = get_fsmo_roleowner(samdb, m.dn)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 42, in get_fsmo_roleowner
>     master_owner = res[0]["fSMORoleOwner"][0]
>
>
>  sudo /usr/local/samba/bin/samba-tool fsmo seize --role=domaindns --force
> -U administrator --realm=cb.cliffbells.com
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such element'
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 351, in run
>     versionopts, force)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 301, in seize_dns_role
>     master_owner = get_fsmo_roleowner(samdb, m.dn)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 42, in get_fsmo_roleowner
>     master_owner = res[0]["fSMORoleOwner"][0]
>
>
> sudo /usr/local/samba/bin/samba-tool fsmo seize --role=forestdns --force
> -U administrator --realm=cb.cliffbells.com
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such element'
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 351, in run
>     versionopts, force)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 301, in seize_dns_role
>     master_owner = get_fsmo_roleowner(samdb, m.dn)
>   File
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line
> 42, in get_fsmo_roleowner
>     master_owner = res[0]["fSMORoleOwner"][0]
>
>
> I guess I need ldiffs for these, client will be down on a Monday.
>
>
> JS
>
> On Sun, Mar 27, 2016 at 5:02 AM, Rowland penny <rpenny at samba.org>
wrote:
>
>> On 27/03/16 07:25, IT Admin wrote:
>>
>>> I ran ldbsearch on my sam.ldb
>>> I searched for CBADC02, CBADC03, and TESTES (all VMs that fail to
join
>>> domain), results are below:
>>>
>>>
>>> CBADC02 shows up a few times:
>>>
>>> # record 1906
>>> dn:
>>>
>>>
CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu$
>>> objectClass: top
>>> objectClass: server
>>> instanceType: 4
>>> whenCreated: 20160310044543.0Z
>>> uSNCreated: 4215
>>> objectGUID: de85228c-f92b-4d5d-9d6a-01c3f915dec9
>>> systemFlags: 1375731712
>>> dNSHostName: cbadc02.cb.cliffbells.com
>>> cn::
Q0JBREMwMgpERUw6ZGU4NTIyOGMtZjkyYi00ZDVkLTlkNmEtMDFjM2Y5MTVkZWM5
>>> isDeleted: TRUE
>>> name::
Q0JBREMwMgpERUw6ZGU4NTIyOGMtZjkyYi00ZDVkLTlkNmEtMDFjM2Y5MTVkZWM5
>>> lastKnownParent:
>>> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati
>>>   on,DC=cb,DC=cliffbells,DC=com
>>> isRecycled: TRUE
>>> whenChanged: 20160319092438.0Z
>>> uSNChanged: 4261
>>> distinguishedName:
>>> CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Se
>>>
>>>
rvers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbell
>>>   s,DC=com
>>>
>>>
>>>   # record 2372
>>> dn: CN=NTDS
>>>
>>>
Settings\0ADEL:a5d3b626-e936-4a65-97bc-cade176d1b10,CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec$
>>> objectClass: top
>>> objectClass: applicationSettings
>>> objectClass: nTDSDSA
>>> instanceType: 4
>>> whenCreated: 20160310044546.0Z
>>> uSNCreated: 4214
>>> objectGUID: a5d3b626-e936-4a65-97bc-cade176d1b10
>>> systemFlags: 33554432
>>> cn::
>>>
TlREUyBTZXR0aW5ncwpERUw6YTVkM2I2MjYtZTkzNi00YTY1LTk3YmMtY2FkZTE3NmQxYjEw
>>> isDeleted: TRUE
>>> name::
>>>
TlREUyBTZXR0aW5ncwpERUw6YTVkM2I2MjYtZTkzNi00YTY1LTk3YmMtY2FkZTE3NmQxYjE
>>>   w
>>> isRecycled: TRUE
>>> whenChanged: 20160319092438.0Z
>>> uSNChanged: 4259
>>> distinguishedName: CN=NTDS
>>> Settings\0ADEL:a5d3b626-e936-4a65-97bc-cade176d1b10
>>>
>>>
,CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-
>>>  
First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
>>>
>>>
>>>
>>>   # record 3275
>>> dn:
CN=CBADC02\0ADEL:b34ccfd9-0f88-4f7b-8c00-3296ed92507d,CN=Deleted
>>> Objects,DC=cb,DC=cliffbells,DC=com
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: user
>>> objectClass: computer
>>> instanceType: 4
>>> whenCreated: 20160321212014.0Z
>>> uSNCreated: 4287
>>> objectGUID: b34ccfd9-0f88-4f7b-8c00-3296ed92507d
>>> userAccountControl: 4128
>>> objectSid: S-1-5-21-2555112579-3841919511-698463993-1602
>>> sAMAccountName: CBADC02$
>>> isDeleted: TRUE
>>> lastKnownParent: OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
>>> isRecycled: TRUE
>>> cn::
Q0JBREMwMgpERUw6YjM0Y2NmZDktMGY4OC00ZjdiLThjMDAtMzI5NmVkOTI1MDdk
>>> name::
Q0JBREMwMgpERUw6YjM0Y2NmZDktMGY4OC00ZjdiLThjMDAtMzI5NmVkOTI1MDdk
>>> whenChanged: 20160327050242.0Z
>>> uSNChanged: 4293
>>> distinguishedName:
>>> CN=CBADC02\0ADEL:b34ccfd9-0f88-4f7b-8c00-3296ed92507d,CN=De
>>>   leted Objects,DC=cb,DC=cliffbells,DC=com
>>>
>>>
>>>
>>>
>>>
>>>   # record 3481
>>> dn:
CN=CBADC02\0ADEL:ec36364c-6f01-4c82-be95-8def84528d9a,CN=Deleted
>>> Objects,DC=cb,DC=cliffbells,DC=com
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: user
>>> objectClass: computer
>>> instanceType: 4
>>> whenCreated: 20160310044542.0Z
>>> uSNCreated: 4212
>>> objectGUID: ec36364c-6f01-4c82-be95-8def84528d9a
>>> userAccountControl: 532480
>>> objectSid: S-1-5-21-2555112579-3841919511-698463993-1122
>>> sAMAccountName: CBADC02$
>>> dNSHostName: cbadc02.cb.cliffbells.com
>>> cn::
Q0JBREMwMgpERUw6ZWMzNjM2NGMtNmYwMS00YzgyLWJlOTUtOGRlZjg0NTI4ZDlh
>>> whenChanged: 20160318045619.0Z
>>> isDeleted: TRUE
>>> uSNChanged: 4253
>>> name::
Q0JBREMwMgpERUw6ZWMzNjM2NGMtNmYwMS00YzgyLWJlOTUtOGRlZjg0NTI4ZDlh
>>> lastKnownParent: OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
>>> isRecycled: TRUE
>>> distinguishedName:
>>> CN=CBADC02\0ADEL:ec36364c-6f01-4c82-be95-8def84528d9a,CN=De
>>>   leted Objects,DC=cb,DC=cliffbells,DC=com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>   CBADC03 is there once:
>>>
>>>
>>>
>>>   # record 3431
>>> dn:
>>>
>>>
CN=CBADC03\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5,CN=Deleted
>>> Obje$
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: user
>>> objectClass: computer
>>> instanceType: 4
>>> whenCreated: 20160321211933.0Z
>>> uSNCreated: 4286
>>> objectGUID: 0d3362c2-c153-415e-b077-0772a61b96b5
>>> userAccountControl: 4128
>>> objectSid: S-1-5-21-2555112579-3841919511-698463993-1601
>>> sAMAccountName: CBADC03$
>>> isDeleted: TRUE
>>> lastKnownParent: CN=LostAndFound,DC=cb,DC=cliffbells,DC=com
>>> isRecycled: TRUE
>>> cn::
>>>
Q0JBREMwMwpERUw6MGQzMzYyYzItYzE1My00MTVlLWIwNzctMDc3MmE2MWI5NmI1CkRFTDowZ
>>>   DMzNjJjMi1jMTUzLTQxNWUtYjA3Ny0wNzcyYTYxYjk2YjU>>> name::
>>>
Q0JBREMwMwpERUw6MGQzMzYyYzItYzE1My00MTVlLWIwNzctMDc3MmE2MWI5NmI1CkRFTDo
>>>   wZDMzNjJjMi1jMTUzLTQxNWUtYjA3Ny0wNzcyYTYxYjk2YjU>>>
whenChanged: 20160327050527.0Z
>>> uSNChanged: 4294
>>> distinguishedName:
>>> CN=CBADC03\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5\0ADEL
>>>   :0d3362c2-c153-415e-b077-0772a61b96b5,CN=Deleted
>>> Objects,DC=cb,DC=cliffbells,
>>>   DC=com
>>>
>>>
>>>
>>>   TESTES is nowhere to be found and still fails due to ObjectSID. 
I
>>> don't
>>> understand how that is even possible.  I also manually inspected
ADUC,
>>> ADSS, ADSIEdit and DNS in RSAT for both of my live DCs (FILER &
CBADC01)
>>> and removed all references to CBADC02 & CBADC03.  Replication
between
>>> FILER
>>> and CBADC01 is successful.  RSync replication of sysvol from FILER
to
>>> CBADC01 is running via cron.
>>>
>>> I am spun.  I've been banging my head against Samba since
12/17/2015.
>>> Please advise, I need to get these VMs joined to the domain so I
can
>>> sieze
>>> FSMO roles off of FILER so I don't have to keep restoring this
>>> ^&*(@^#()*&^
>>> database every 36 hours.
>>>
>>>
>>> JS
>>>
>>>
>> OK, so you cannot join another DC and you have to keep restoring every
36
>> hours, doesn't this tell you something ?
>>
>> It looks like the  database you keep restoring is badly corrupted, you
>> should also be aware that you shouldn't restore a DC if another DC
in the
>> domain is running.
>>
>> Are 'FILER' and 'CBADC01' joined ?
>> If so, is 'FILER' the only database that is giving problems ?
>> If so, then I think your best option is to seize all the fsmo roles to
>> 'CBADC01', turn off 'FILER' and then try to join a new
DC to 'CBADC01'
>>
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
> Strange, you cannot seize the role because it already exists, try running
> this:
>
> ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb
> '(fsmoroleowner=*)' | grep 'dn:' | sed 's|dn: ||'
>
> This should show all the DNs that have a 'fSMORoleOwner' attribute.
>
> Have you tried running
> 'samba-tool fsmo seize --force --role=all -UAdministrator
> --password=ADMINISTRATORPASSWORD'
> on the DC
>
> Rowland
>

Rowland penny

2016-Mar-28 10:31 UTC

head link

[Samba] Unable to join DC to domain

On 28/03/16 10:00, IT Admin wrote:>
> Sorry, I meant to include the command you sent in my last message, I 
> had executed it while troubleshooting...
>
> :~$ sudo /usr/local/samba/bin/ldbsearch --cross-ncs -H 
> /usr/local/samba/private/sam.ldb '(fsmoroleowner=*)' | grep
'dn:' |
> sed 's|dn: ||'
>
> CN=Schema,CN=Configuration,DC=cb,DC=cliffbells,DC=com
> CN=Partitions,CN=Configuration,DC=cb,DC=cliffbells,DC=com
> CN=Infrastructure,DC=DomainDnsZones,DC=cb,DC=cliffbells,DC=com
> CN=Infrastructure,DC=ForestDnsZones,DC=cb,DC=cliffbells,DC=com
> CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com
> DC=cb,DC=cliffbells,DC=com
> CN=Infrastructure,DC=cb,DC=cliffbells,DC=com
>
> I have tried to seize role=all --force...
>
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
'No such
> element'
>   File 
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File 
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
> line 339, in run
>     self.seize_role("rid", samdb, force)
>   File 
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
> line 255, in seize_role
>     master_owner = get_fsmo_roleowner(samdb, m.dn)
>   File 
>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
> line 42, in get_fsmo_roleowner
>     master_owner = res[0]["fSMORoleOwner"][0]
>
> I found another thread about the issue: 
> http://www.spinics.net/lists/samba/msg131164.html
>
> I'm in a bit over my head, any help is greatly appreciated.
>
> JS
>
>
OK, lets take these one by one, you seem to have a problem with the 
ridmaster fsmo role, what does this return:

ldbsearch -H /var/lib/samba/private/sam.ldb -b 
'CN=System,DC=cb,DC=cliffbells,DC=com' -s sub 
'(&(objectclass=rIDManager)(cn=RID Manager$))' fSMORoleOwner

On my system:

# record 1
dn: CN=RID Manager$,CN=System,DC=samdom,DC=example,DC=com
fSMORoleOwner: CN=NTDS 
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,C
  N=Sites,CN=Configuration,DC=samdom,DC=example,DC=com

Rowland

IT Admin

2016-Mar-28 17:46 UTC

head link

[Samba] Unable to join DC to domain

Hi Rowland,

I had run those queries during troubleshooting last night as well,
apologies if I get ahead of myself, here are all of my missing roles, they
only have dn entries, the second line containing fsmoowner is blank:

itwerks at cbadc01:~$ sudo /usr/local/samba/bin/ldbsearch -H
/usr/local/samba/private/sam.ldb -b
'CN=System,DC=cb,DC=cliffbells,DC=com'
-s sub '(&(objectclass=rIDManager)(cn=RID Manager$))' fSMORoleOwner
# record 1
dn: CN=RID Manager$,CN=System,DC=cb,DC=cliffbells,DC=com

# returned 1 records
# 1 entries
# 0 referrals

itwerks at cbadc01:~$ !284
sudo /usr/local/samba/bin/ldbsearch --cross-ncs -H
/usr/local/samba/private/sam.ldb -b
"CN=Infrastructure,DC=DomainDnsZones,DC=cb,DC=cliffbells,DC=com" -s
base
fsmoroleowner
# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=cb,DC=cliffbells,DC=com

# returned 1 records
# 1 entries
# 0 referrals

itwerks at cbadc01:~$
!285
sudo /usr/local/samba/bin/ldbsearch --cross-ncs -H
/usr/local/samba/private/sam.ldb -b
"CN=Infrastructure,DC=ForestDnsZones,DC=cb,DC=cliffbells,DC=com" -s
base
fsmoroleowner
# record 1
dn: CN=Infrastructure,DC=ForestDnsZones,DC=cb,DC=cliffbells,DC=com

# returned 1 records
# 1 entries
# 0 referrals

itwerks at cbadc01:~$
!286
sudo /usr/local/samba/bin/ldbsearch --cross-ncs -H
/usr/local/samba/private/sam.ldb -b
"CN=Infrastructure,DC=cb,DC=cliffbells,DC=com" -s base fsmoroleowner
# record 1
dn: CN=Infrastructure,DC=cb,DC=cliffbells,DC=com

# returned 1 records
# 1 entries
# 0 referrals
itwerks at cbadc01:~$

JS

Reasonably Related Threads

Search for more reasonably related threads

samba - Mar 2016 - Unable to join DC to domain

[Samba] Unable to join DC to domain

[Samba] Unable to join DC to domain

[Samba] Unable to join DC to domain

Reasonably Related Threads