thr3ads.net - samba - [Samba] Unable to transfer ForestDns/DomainDNS [Jun 2016]

If this information is useful, please help other people find it:
Share via:

Jason Waters

2016-Jun-23 17:52 UTC

[Samba] Unable to transfer ForestDns/DomainDNS

lol...sorry!

- The windows domain controller does run a DNS server

- I joined the samba DC's to the windows DC.  I used the normal command,
but did get an error about the forest and domain dns. The error is:

descriptor_sd_propagation_recursive:
DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
DC=fisherthompson,DC=local
descriptor_sd_propagation_recursive:
DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
DC=fisherthompson,DC=local


Below is the full join output.....


START OF DOMAIN JOIN
*************************************
root at DC01:/var/lib/samba# samba-tool domain join fisherthompson.local DC
-UAdministrator
Finding a writeable DC for domain 'fisherthompson.local'
Found DC PDC.fisherthompson.local
Password for [FISHERTHOMPSON\Administrator]:
workgroup is FISHERTHOMPSON
realm is fisherthompson.local
checking sAMAccountName
Adding CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
Adding
CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
Adding CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
Adding SPNs to CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
Setting account password for DC01$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at
/var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=fisherthompson,DC=local
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
objects[402] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
objects[804] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
objects[1206] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
objects[1376] linked_values[0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[402]
linked_values[0]
Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[804]
linked_values[0]
Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1206]
linked_values[0]
Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1608]
linked_values[18]
Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1629]
linked_values[10]
Replicating critical objects from the base DN of the domain
Partition[DC=fisherthompson,DC=local] objects[93] linked_values[7]
Partition[DC=fisherthompson,DC=local] objects[387] linked_values[0]
Partition[DC=fisherthompson,DC=local] objects[569] linked_values[175]
Partition[DC=fisherthompson,DC=local] objects[741] linked_values[36]
Partition[DC=fisherthompson,DC=local] objects[741] linked_values[0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
linked_values[0]
Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
linked_values[0]
Committing SAM database
descriptor_sd_propagation_recursive:
DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
DC=fisherthompson,DC=local
descriptor_sd_propagation_recursive:
DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
DC=fisherthompson,DC=local
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain FISHERTHOMPSON (SID
S-1-5-21-4059926353-2957580592-3733343930) as a DC

*************************************
END OF DOMAIN JOIN


On Thu, Jun 23, 2016 at 1:43 PM, Rowland penny <rpenny at samba.org>
wrote:
> On 23/06/16 17:49, Jason Waters wrote:
>
>> I did not get SUCCESS!
>>
>> root at DC01:/mnt# samba-tool ldapcmp ldap://dc01 ldap://pdc dnsdomain
>>
>> * Comparing [DNSDOMAIN] context...
>>
>> * Objects to be compared: 188
>>
>> Comparing:
>>
'CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local'
>> [ldap://dc01]
>>
'CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local'
>> [ldap://pdc]
>>     Attributes found only in ldap://dc01:
>>         fSMORoleOwner
>>     Difference in attribute values:
>>         whenChanged =>
>> ['20160622133653.0Z']
>> ['20160621205006.0Z']
>>     FAILED
>>
>> Comparing:
>> 'CN=MicrosoftDNS,DC=DomainDnsZones,DC=fisherthompson,DC=local'
>> [ldap://dc01]
>> 'CN=MicrosoftDNS,DC=DomainDnsZones,DC=fisherthompson,DC=local'
>> [ldap://pdc]
>>     Attributes found only in ldap://dc01:
>>         distinguishedName
>>         cn
>>         objectCategory
>>         objectClass
>>         objectGUID
>>         showInAdvancedViewOnly
>>         whenCreated
>>         whenChanged
>>         instanceType
>>         name
>>     FAILED
>>
>> * Result for [DNSDOMAIN]: FAILURE
>>
>> SUMMARY
>> ---------
>>
>> Attributes found only in ldap://dc01:
>>
>>     distinguishedName
>>     cn
>>     objectCategory
>>     objectClass
>>     fSMORoleOwner
>>     objectGUID
>>     showInAdvancedViewOnly
>>     whenCreated
>>     whenChanged
>>     instanceType
>>     name
>>
>> Attributes with different values:
>>
>>     whenChanged
>> ERROR: Compare failed: -1
>>
>>
>> On Thu, Jun 23, 2016 at 12:38 PM, Rowland penny <rpenny at samba.org
>> <mailto:rpenny at samba.org>> wrote:
>>
>>     On 23/06/16 16:32, Jason Waters wrote:
>>
>>         This is what it returned.
>>
>>         root at DC01:/mnt# ldbsearch --cross-ncs -H
>>         /var/lib/samba/private/sam.ldb -b
>>        
"CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local"
>>         -s base fsmoroleowner
>>         # record 1
>>         dn:
CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local
>>         fSMORoleOwner: CN=NTDS
>>         Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,C
>>          N=Sites,CN=Configuration,DC=fisherthompson,DC=local
>>
>>         # returned 1 records
>>         # 1 entries
>>         # 0 referrals
>>
>>
>>         Looks right, right?  It almost seems like it is trying to
>>         delete it from the Windows 2003 machine, but can't. So I
ran
>>         NetDOM /query FSMO on the windows 2003 server and got this.
>>
>>         Schema owner                PDC.fisherthompson.local
>>         Domain role owner           PDC.fisherthompson.local
>>         PDC role                    PDC.fisherthompson.local
>>         RID pool manager            PDC.fisherthompson.local
>>         Infrastructure owner        PDC.fisherthompson.local
>>         The command completed successfully.
>>
>>         So no DomainDNS or ForestDNS present.
>>
>>
>>
>>     Unfortunately that doesn't mean anything, the windows tools
only
>>     seem to known about the five main FSMO roles (as did samba-tool up
>>     until 4.3.0)
>>
>>     Try this command, it should end with the word 'SUCCESS'
>>
>>     samba-tool ldapcmp ldap://dc01 ldap://pdc dnsdomain
>>
>>     Does the windows DC run a DNS server ?
>>
>>
>>     Rowland
>>
>>     --     To unsubscribe from this list go to the following URL and
read
>> the
>>     instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> That sort of means you don't have dns zones on your windows DC, or at
> least full ones.
>
> Does your windows DC run a DNS server ??
>
> How did you join the Samba DCs to the windows DC, or was it the opposite
> way round, you joined the windows one to the Samba DCs, if so how.
>
> I feel another possible re-write of fsmo.py coming on :-(
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Rowland penny

2016-Jun-23 18:19 UTC

head link

[Samba] Unable to transfer ForestDns/DomainDNS

On 23/06/16 18:52, Jason Waters wrote:> lol...sorry!
>
> - The windows domain controller does run a DNS server
>
> - I joined the samba DC's to the windows DC.  I used the normal 
> command, but did get an error about the forest and domain dns. The 
> error is:
>
> descriptor_sd_propagation_recursive: 
> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under 
> DC=fisherthompson,DC=local
> descriptor_sd_propagation_recursive: 
> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under 
> DC=fisherthompson,DC=local
>
>
> Below is the full join output.....
>
>
> START OF DOMAIN JOIN
> *************************************
> root at DC01:/var/lib/samba# samba-tool domain join fisherthompson.local 
> DC -UAdministrator
> Finding a writeable DC for domain 'fisherthompson.local'
> Found DC PDC.fisherthompson.local
> Password for [FISHERTHOMPSON\Administrator]:
> workgroup is FISHERTHOMPSON
> realm is fisherthompson.local
> checking sAMAccountName
> Adding CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
> Adding 
>
CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
> Adding CN=NTDS 
>
Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
> Adding SPNs to CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
> Setting account password for DC01$
> Enabling account
> Calling bare provision
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> A Kerberos configuration suitable for Samba 4 has been generated at 
> /var/lib/samba/private/krb5.conf
> Provision OK for domain DN DC=fisherthompson,DC=local
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local] 
> objects[402] linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local] 
> objects[804] linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local] 
> objects[1206] linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local] 
> objects[1376] linked_values[0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[402] 
> linked_values[0]
> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[804] 
> linked_values[0]
> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1206] 
> linked_values[0]
> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1608] 
> linked_values[18]
> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1629] 
> linked_values[10]
> Replicating critical objects from the base DN of the domain
> Partition[DC=fisherthompson,DC=local] objects[93] linked_values[7]
> Partition[DC=fisherthompson,DC=local] objects[387] linked_values[0]
> Partition[DC=fisherthompson,DC=local] objects[569] linked_values[175]
> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[36]
> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[0]
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191] 
> linked_values[0]
> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33] 
> linked_values[0]
> Committing SAM database
> descriptor_sd_propagation_recursive: 
> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under 
> DC=fisherthompson,DC=local
> descriptor_sd_propagation_recursive: 
> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under 
> DC=fisherthompson,DC=local
> Sending DsReplicaUpdateRefs for all the replicated partitions
> Setting isSynchronized and dsServiceName
> Setting up secrets database
> Joined domain FISHERTHOMPSON (SID 
> S-1-5-21-4059926353-2957580592-3733343930) as a DC
>
> *************************************
> END OF DOMAIN JOIN
>
>
It looks like your windows DC doesn't store its DNS zones in AD, the 
code in join.py to replicate DNS info is this:


              print "Done with always replicated NC (base, config,
schema)"

             for nc in (ctx.domaindns_zone, ctx.forestdns_zone):
                 if nc in ctx.nc_list:
                     print "Replicating %s" % (str(nc))
                     repl.replicate(nc, source_dsa_invocation_id,
                                     destination_dsa_guid, rodc=ctx.RODC,
                                     replica_flags=ctx.replica_flags)

Your 'join' info shows this:

Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191] 
linked_values[0]
Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33] 
linked_values[0]
Committing SAM database
descriptor_sd_propagation_recursive: 
DC=DomainDnsZones,DC=fisherthompson,DC=local not found under 
DC=fisherthompson,DC=local
descriptor_sd_propagation_recursive: 
DC=ForestDnsZones,DC=fisherthompson,DC=local not found under 
DC=fisherthompson,DC=local

I 'think' the last two lines mean nothing was replicated because there 
was nothing to replicate to or from.

You say your windows DC runs a DNS server, what sort & type ?

Rowland

Jason Waters

2016-Jun-23 18:26 UTC

head link

[Samba] Unable to transfer ForestDns/DomainDNS

The built in DNS, sorry if that sounded like it was special!  So do I just
seize it then?  And do I do that before or after dcpromo?  Thanks for the
help.

Jason

On Thu, Jun 23, 2016 at 2:19 PM, Rowland penny <rpenny at samba.org>
wrote:
> On 23/06/16 18:52, Jason Waters wrote:
>
>> lol...sorry!
>>
>> - The windows domain controller does run a DNS server
>>
>> - I joined the samba DC's to the windows DC.  I used the normal
command,
>> but did get an error about the forest and domain dns. The error is:
>>
>> descriptor_sd_propagation_recursive:
>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>> descriptor_sd_propagation_recursive:
>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>>
>>
>> Below is the full join output.....
>>
>>
>> START OF DOMAIN JOIN
>> *************************************
>> root at DC01:/var/lib/samba# samba-tool domain join
fisherthompson.local DC
>> -UAdministrator
>> Finding a writeable DC for domain 'fisherthompson.local'
>> Found DC PDC.fisherthompson.local
>> Password for [FISHERTHOMPSON\Administrator]:
>> workgroup is FISHERTHOMPSON
>> realm is fisherthompson.local
>> checking sAMAccountName
>> Adding CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
>> Adding
>>
CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>> Adding CN=NTDS
>>
Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>> Adding SPNs to CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
>> Setting account password for DC01$
>> Enabling account
>> Calling bare provision
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up share.ldb
>> Setting up secrets.ldb
>> Setting up the registry
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> A Kerberos configuration suitable for Samba 4 has been generated at
>> /var/lib/samba/private/krb5.conf
>> Provision OK for domain DN DC=fisherthompson,DC=local
>> Starting replication
>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>> objects[402] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>> objects[804] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>> objects[1206] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>> objects[1376] linked_values[0]
>> Analyze and apply schema objects
>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[402]
>> linked_values[0]
>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[804]
>> linked_values[0]
>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1206]
>> linked_values[0]
>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1608]
>> linked_values[18]
>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1629]
>> linked_values[10]
>> Replicating critical objects from the base DN of the domain
>> Partition[DC=fisherthompson,DC=local] objects[93] linked_values[7]
>> Partition[DC=fisherthompson,DC=local] objects[387] linked_values[0]
>> Partition[DC=fisherthompson,DC=local] objects[569] linked_values[175]
>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[36]
>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[0]
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
>> linked_values[0]
>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>> linked_values[0]
>> Committing SAM database
>> descriptor_sd_propagation_recursive:
>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>> descriptor_sd_propagation_recursive:
>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>> Sending DsReplicaUpdateRefs for all the replicated partitions
>> Setting isSynchronized and dsServiceName
>> Setting up secrets database
>> Joined domain FISHERTHOMPSON (SID
>> S-1-5-21-4059926353-2957580592-3733343930) as a DC
>>
>> *************************************
>> END OF DOMAIN JOIN
>>
>>
>>
> It looks like your windows DC doesn't store its DNS zones in AD, the
code
> in join.py to replicate DNS info is this:
>
>
>              print "Done with always replicated NC (base, config,
schema)"
>
>             for nc in (ctx.domaindns_zone, ctx.forestdns_zone):
>                 if nc in ctx.nc_list:
>                     print "Replicating %s" % (str(nc))
>                     repl.replicate(nc, source_dsa_invocation_id,
>                                     destination_dsa_guid, rodc=ctx.RODC,
>                                     replica_flags=ctx.replica_flags)
>
> Your 'join' info shows this:
>
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
> linked_values[0]
> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
> linked_values[0]
> Committing SAM database
> descriptor_sd_propagation_recursive:
> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
> DC=fisherthompson,DC=local
> descriptor_sd_propagation_recursive:
> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
> DC=fisherthompson,DC=local
>
> I 'think' the last two lines mean nothing was replicated because
there was
> nothing to replicate to or from.
>
> You say your windows DC runs a DNS server, what sort & type ?
>
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Jason Waters

2016-Jun-28 12:21 UTC

head link

[Samba] Unable to transfer ForestDns/DomainDNS

I still feel like there is something I can do to get the 2003 server to
have what I need to do a fsmo transfer instead of a seize.  Doesn't that
check box say to store it inside AD?

http://i.imgur.com/UolzBwP.png
http://i.imgur.com/tHTmB5c.png


On Tue, Jun 28, 2016 at 8:09 AM, Jason Waters <jason at geeknocity.com>
wrote:
> I still feel like there is something I can do to get the 2003 server to
> have what I need to do a fsmo transfer instead of a seize.  Doesn't
that
> check box say to store it inside AD?
>
> Thu, Jun 23, 2016 at 2:19 PM, Rowland penny <rpenny at samba.org>
wrote:
>
>> On 23/06/16 18:52, Jason Waters wrote:
>>
>>> lol...sorry!
>>>
>>> - The windows domain controller does run a DNS server
>>>
>>> - I joined the samba DC's to the windows DC.  I used the normal
command,
>>> but did get an error about the forest and domain dns. The error is:
>>>
>>> descriptor_sd_propagation_recursive:
>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>> descriptor_sd_propagation_recursive:
>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>>
>>>
>>> Below is the full join output.....
>>>
>>>
>>> START OF DOMAIN JOIN
>>> *************************************
>>> root at DC01:/var/lib/samba# samba-tool domain join
fisherthompson.local
>>> DC -UAdministrator
>>> Finding a writeable DC for domain 'fisherthompson.local'
>>> Found DC PDC.fisherthompson.local
>>> Password for [FISHERTHOMPSON\Administrator]:
>>> workgroup is FISHERTHOMPSON
>>> realm is fisherthompson.local
>>> checking sAMAccountName
>>> Adding CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
>>> Adding
>>>
CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>>> Adding CN=NTDS
>>>
Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>>> Adding SPNs to CN=DC01,OU=Domain
Controllers,DC=fisherthompson,DC=local
>>> Setting account password for DC01$
>>> Enabling account
>>> Calling bare provision
>>> Looking up IPv4 addresses
>>> Looking up IPv6 addresses
>>> No IPv6 address will be assigned
>>> Setting up share.ldb
>>> Setting up secrets.ldb
>>> Setting up the registry
>>> Setting up the privileges database
>>> Setting up idmap db
>>> Setting up SAM db
>>> Setting up sam.ldb partitions and settings
>>> Setting up sam.ldb rootDSE
>>> Pre-loading the Samba 4 and AD schema
>>> A Kerberos configuration suitable for Samba 4 has been generated at
>>> /var/lib/samba/private/krb5.conf
>>> Provision OK for domain DN DC=fisherthompson,DC=local
>>> Starting replication
>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>> objects[402] linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>> objects[804] linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>> objects[1206] linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>> objects[1376] linked_values[0]
>>> Analyze and apply schema objects
>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[402]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[804]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=fisherthompson,DC=local]
objects[1206]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=fisherthompson,DC=local]
objects[1608]
>>> linked_values[18]
>>> Partition[CN=Configuration,DC=fisherthompson,DC=local]
objects[1629]
>>> linked_values[10]
>>> Replicating critical objects from the base DN of the domain
>>> Partition[DC=fisherthompson,DC=local] objects[93] linked_values[7]
>>> Partition[DC=fisherthompson,DC=local] objects[387] linked_values[0]
>>> Partition[DC=fisherthompson,DC=local] objects[569]
linked_values[175]
>>> Partition[DC=fisherthompson,DC=local] objects[741]
linked_values[36]
>>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[0]
>>> Done with always replicated NC (base, config, schema)
>>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local]
objects[191]
>>> linked_values[0]
>>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>>> linked_values[0]
>>> Committing SAM database
>>> descriptor_sd_propagation_recursive:
>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>> descriptor_sd_propagation_recursive:
>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>> Sending DsReplicaUpdateRefs for all the replicated partitions
>>> Setting isSynchronized and dsServiceName
>>> Setting up secrets database
>>> Joined domain FISHERTHOMPSON (SID
>>> S-1-5-21-4059926353-2957580592-3733343930) as a DC
>>>
>>> *************************************
>>> END OF DOMAIN JOIN
>>>
>>>
>>>
>> It looks like your windows DC doesn't store its DNS zones in AD,
the code
>> in join.py to replicate DNS info is this:
>>
>>
>>              print "Done with always replicated NC (base, config,
schema)"
>>
>>             for nc in (ctx.domaindns_zone, ctx.forestdns_zone):
>>                 if nc in ctx.nc_list:
>>                     print "Replicating %s" % (str(nc))
>>                     repl.replicate(nc, source_dsa_invocation_id,
>>                                     destination_dsa_guid,
rodc=ctx.RODC,
>>                                     replica_flags=ctx.replica_flags)
>>
>> Your 'join' info shows this:
>>
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
>> linked_values[0]
>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>> linked_values[0]
>> Committing SAM database
>> descriptor_sd_propagation_recursive:
>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>> descriptor_sd_propagation_recursive:
>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>>
>> I 'think' the last two lines mean nothing was replicated
because there
>> was nothing to replicate to or from.
>>
>> You say your windows DC runs a DNS server, what sort & type ?
>>
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>

Jason Waters

2016-Jun-29 15:23 UTC

head link

[Samba] Unable to transfer ForestDns/DomainDNS

So I setup a testing environment so I can test/break things.  I think my
issue is that something is screwed up with the Partitions on the windows
2003 server.  The forest and domain partitions look odd, are they?

 Mine looks kind of like this...

http://1ask2.com/Wndows2012/Upgrade/migration09.jpg

On Tue, Jun 28, 2016 at 8:21 AM, Jason Waters <jason at geeknocity.com>
wrote:
> I still feel like there is something I can do to get the 2003 server to
> have what I need to do a fsmo transfer instead of a seize.  Doesn't
that
> check box say to store it inside AD?
>
> http://i.imgur.com/UolzBwP.png
> http://i.imgur.com/tHTmB5c.png
>
>
> On Tue, Jun 28, 2016 at 8:09 AM, Jason Waters <jason at
geeknocity.com>
> wrote:
>
>> I still feel like there is something I can do to get the 2003 server to
>> have what I need to do a fsmo transfer instead of a seize.  Doesn't
that
>> check box say to store it inside AD?
>>
>> Thu, Jun 23, 2016 at 2:19 PM, Rowland penny <rpenny at samba.org>
wrote:
>>
>>> On 23/06/16 18:52, Jason Waters wrote:
>>>
>>>> lol...sorry!
>>>>
>>>> - The windows domain controller does run a DNS server
>>>>
>>>> - I joined the samba DC's to the windows DC.  I used the
normal
>>>> command, but did get an error about the forest and domain dns.
The error is:
>>>>
>>>> descriptor_sd_propagation_recursive:
>>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>>> DC=fisherthompson,DC=local
>>>> descriptor_sd_propagation_recursive:
>>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>>> DC=fisherthompson,DC=local
>>>>
>>>>
>>>> Below is the full join output.....
>>>>
>>>>
>>>> START OF DOMAIN JOIN
>>>> *************************************
>>>> root at DC01:/var/lib/samba# samba-tool domain join
fisherthompson.local
>>>> DC -UAdministrator
>>>> Finding a writeable DC for domain
'fisherthompson.local'
>>>> Found DC PDC.fisherthompson.local
>>>> Password for [FISHERTHOMPSON\Administrator]:
>>>> workgroup is FISHERTHOMPSON
>>>> realm is fisherthompson.local
>>>> checking sAMAccountName
>>>> Adding CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
>>>> Adding
>>>>
CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>>>> Adding CN=NTDS
>>>>
Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>>>> Adding SPNs to CN=DC01,OU=Domain
Controllers,DC=fisherthompson,DC=local
>>>> Setting account password for DC01$
>>>> Enabling account
>>>> Calling bare provision
>>>> Looking up IPv4 addresses
>>>> Looking up IPv6 addresses
>>>> No IPv6 address will be assigned
>>>> Setting up share.ldb
>>>> Setting up secrets.ldb
>>>> Setting up the registry
>>>> Setting up the privileges database
>>>> Setting up idmap db
>>>> Setting up SAM db
>>>> Setting up sam.ldb partitions and settings
>>>> Setting up sam.ldb rootDSE
>>>> Pre-loading the Samba 4 and AD schema
>>>> A Kerberos configuration suitable for Samba 4 has been
generated at
>>>> /var/lib/samba/private/krb5.conf
>>>> Provision OK for domain DN DC=fisherthompson,DC=local
>>>> Starting replication
>>>>
Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>>> objects[402] linked_values[0]
>>>>
Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>>> objects[804] linked_values[0]
>>>>
Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>>> objects[1206] linked_values[0]
>>>>
Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>>> objects[1376] linked_values[0]
>>>> Analyze and apply schema objects
>>>> Partition[CN=Configuration,DC=fisherthompson,DC=local]
objects[402]
>>>> linked_values[0]
>>>> Partition[CN=Configuration,DC=fisherthompson,DC=local]
objects[804]
>>>> linked_values[0]
>>>> Partition[CN=Configuration,DC=fisherthompson,DC=local]
objects[1206]
>>>> linked_values[0]
>>>> Partition[CN=Configuration,DC=fisherthompson,DC=local]
objects[1608]
>>>> linked_values[18]
>>>> Partition[CN=Configuration,DC=fisherthompson,DC=local]
objects[1629]
>>>> linked_values[10]
>>>> Replicating critical objects from the base DN of the domain
>>>> Partition[DC=fisherthompson,DC=local] objects[93]
linked_values[7]
>>>> Partition[DC=fisherthompson,DC=local] objects[387]
linked_values[0]
>>>> Partition[DC=fisherthompson,DC=local] objects[569]
linked_values[175]
>>>> Partition[DC=fisherthompson,DC=local] objects[741]
linked_values[36]
>>>> Partition[DC=fisherthompson,DC=local] objects[741]
linked_values[0]
>>>> Done with always replicated NC (base, config, schema)
>>>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>>>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local]
objects[191]
>>>> linked_values[0]
>>>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>>>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local]
objects[33]
>>>> linked_values[0]
>>>> Committing SAM database
>>>> descriptor_sd_propagation_recursive:
>>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>>> DC=fisherthompson,DC=local
>>>> descriptor_sd_propagation_recursive:
>>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>>> DC=fisherthompson,DC=local
>>>> Sending DsReplicaUpdateRefs for all the replicated partitions
>>>> Setting isSynchronized and dsServiceName
>>>> Setting up secrets database
>>>> Joined domain FISHERTHOMPSON (SID
>>>> S-1-5-21-4059926353-2957580592-3733343930) as a DC
>>>>
>>>> *************************************
>>>> END OF DOMAIN JOIN
>>>>
>>>>
>>>>
>>> It looks like your windows DC doesn't store its DNS zones in
AD, the
>>> code in join.py to replicate DNS info is this:
>>>
>>>
>>>              print "Done with always replicated NC (base,
config,
>>> schema)"
>>>
>>>             for nc in (ctx.domaindns_zone, ctx.forestdns_zone):
>>>                 if nc in ctx.nc_list:
>>>                     print "Replicating %s" % (str(nc))
>>>                     repl.replicate(nc, source_dsa_invocation_id,
>>>                                     destination_dsa_guid,
rodc=ctx.RODC,
>>>                                    
replica_flags=ctx.replica_flags)
>>>
>>> Your 'join' info shows this:
>>>
>>> Done with always replicated NC (base, config, schema)
>>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local]
objects[191]
>>> linked_values[0]
>>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>>> linked_values[0]
>>> Committing SAM database
>>> descriptor_sd_propagation_recursive:
>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>> descriptor_sd_propagation_recursive:
>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>>
>>> I 'think' the last two lines mean nothing was replicated
because there
>>> was nothing to replicate to or from.
>>>
>>> You say your windows DC runs a DNS server, what sort & type ?
>>>
>>>
>>> Rowland
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>

Maybe Matching Threads

Search for more seemingly similar threads

samba - Jun 2016 - Unable to transfer ForestDns/DomainDNS

[Samba] Unable to transfer ForestDns/DomainDNS

[Samba] Unable to transfer ForestDns/DomainDNS

[Samba] Unable to transfer ForestDns/DomainDNS

[Samba] Unable to transfer ForestDns/DomainDNS

[Samba] Unable to transfer ForestDns/DomainDNS

Maybe Matching Threads