This is the output of that command.

root@DC01:~# ldbsearch --cross-ncs -H ldap://pdc -b "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator
Password for [FISHERTHOMPSON\administrator]:
search error - LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr: DSID-0310063C, data 0, 1 access points
ref 1: 'DomainDnsZones.fisherthompson.local'
>
<ldap://DomainDnsZones.fisherthompson.local/DC=DomainDnsZones,DC=fisherthompson,DC=local>
root@DC01:~#

wouldn't dcpromo take it out of the active directory? And then seizing it would have the domain point to the new DC?

I have some printers and things like that that I would really like time to transfer. But if I can't I can't....Or maybe even block with iptables any traffic from PDC to DC01 or DC02?

On Thu, Jun 23, 2016 at 2:45 PM, Rowland penny <rpenny at samba.org> wrote:

> On 23/06/16 19:26, Jason Waters wrote:
>
>> The built in DNS, sorry if that sounded like it was special! So do I
>> just seize it then? And do I do that before or after dcpromo? Thanks for
>> the help.
>>
>> Jason
>>
>>
> I think you are going to have to, but I would try a further slight test
> first. run this:
>
> ldbsearch --cross-ncs -H ldap://pdc -b
> "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator
>
> This should display all your DNS records
>
> Just double check that they don't exist.
>
> If you then go on to seize the roles, use the '--force' option with
> 'samba-tool fsmo seize' , this will bypass trying to transfer the role
> first.
>
> I would transfer anything on the windows DC that you may need, then turn
> it off. You should then be able to seize the roles. Do not bring the old DC
> back on line unless you stop the DC software from starting, I would also
> change its hostname and if possible, its ipaddress.
>
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

On 23/06/16 19:53, Jason Waters wrote:
> This is the output of that command.
>
> root@DC01:~# ldbsearch --cross-ncs -H ldap://pdc -b
> "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator
> Password for [FISHERTHOMPSON\administrator]:
> search error - LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr:
> DSID-0310063C, data 0, 1 access points
> ref 1: 'DomainDnsZones.fisherthompson.local'
> >
> <ldap://DomainDnsZones.fisherthompson.local/DC=DomainDnsZones,DC=fisherthompson,DC=local>
> root@DC01:~#
>
>
> wouldn't dcpromo take it out of the active directory?

I haven't a clue :-)
I have never used dcpromo, but from my dealings with microsoft, dcpromo probably is another name for dcdelete :-D

> And then seizing it would have the domain point to the new DC?

From what you posted earlier, the domain already points to the new DC, you just need to get the DNS fsmo roles.

> I have some printers and things like that that I would really like
> time to transfer.

See here for printer setup:
https://wiki.samba.org/index.php/Print_server_support

and here for shares:
https://wiki.samba.org/index.php/Shares_with_Windows_ACLs

> But if I can't I can't....Or maybe even block with iptables any
> traffic from PDC to DC01 or DC02?

The problem with the old DC, is not so much the old DC, but with what is in AD, if you can be sure that all references to the old DC being in charge of anything is removed, then you probably can still use it, but there is the problem of lack of DNS info in the old DCs AD.

Rowland

You said, "From what you posted earlier, the domain already points to the new DC, you just need to get the DNS fsmo roles." how so? The fsmo show, shows PDC, which is the old DC. DC01 is the new one. Or am I missing something else?

As far as keeping it online I will just move everything I can and then seize and shut it down. I can turn off the networking to it since it is a VM and still see some things. Won't the new DC's(DC01,DC02) still have replication information about PDC though? the seize command wouldn't adjust that?

On Thu, Jun 23, 2016 at 3:28 PM, Rowland penny <rpenny at samba.org> wrote:

> On 23/06/16 19:53, Jason Waters wrote:
>
>> This is the output of that command.
>>
>> root@DC01:~# ldbsearch --cross-ncs -H ldap://pdc -b
>> "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator
>> Password for [FISHERTHOMPSON\administrator]:
>> search error - LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr:
>> DSID-0310063C, data 0, 1 access points
>> ref 1: 'DomainDnsZones.fisherthompson.local'
>> >
>> <ldap://DomainDnsZones.fisherthompson.local/DC=DomainDnsZones,DC=fisherthompson,DC=local>
>> root@DC01:~#
>>
>>
>> wouldn't dcpromo take it out of the active directory?
>>
>
> I haven't a clue :-)
> I have never used dcpromo, but from my dealings with microsoft, dcpromo
> probably is another name for dcdelete :-D
>
>> And then seizing it would have the domain point to the new DC?
>>
>
> From what you posted earlier, the domain already points to the new DC, you
> just need to get the DNS fsmo roles.
>
>> I have some printers and things like that that I would really like time
>> to transfer.
>>
>
> See here for printer setup:
> https://wiki.samba.org/index.php/Print_server_support
>
> and here for shares:
> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>
>> But if I can't I can't....Or maybe even block with iptables any traffic
>> from PDC to DC01 or DC02?
>>
>
> The problem with the old DC, is not so much the old DC, but with what is
> in AD, if you can be sure that all references to the old DC being in charge
> of anything is removed, then you probably can still use it, but there is
> the problem of lack of DNS info in the old DCs AD.
>
>
> Rowland
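
Added example, not part of the thread and not Samba project code: a shell helper for the check discussed above. It reads `samba-tool fsmo show` output, lists the FSMO roles a named DC still owns, and prints (without running) the matching `samba-tool fsmo seize --force` commands. The sample output and the helper names `roles_held_by` and `seize_commands` are constructed for illustration; the DC names are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `samba-tool fsmo show` output
# on stdin and reports which FSMO roles a given DC still owns.

# Constructed sample: DNS roles still on the old DC "PDC", the rest on DC01.
SITE='CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local'
SAMPLE_FSMO_SHOW="SchemaMasterRole owner: CN=NTDS Settings,CN=DC01,$SITE
InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC01,$SITE
RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC01,$SITE
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC01,$SITE
DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC01,$SITE
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=PDC,$SITE
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=PDC,$SITE"

# roles_held_by DCNAME: print one role name per line (case-insensitive match).
roles_held_by() {
    awk -v dc="$1" '
        / owner: / {
            n = split($0, part, ",")
            # The server name is the RDN right after "CN=NTDS Settings".
            for (i = 1; i < n; i++)
                if (part[i] ~ /CN=NTDS Settings$/) {
                    server = part[i + 1]
                    sub(/^CN=/, "", server)
                    if (toupper(server) == toupper(dc)) print $1
                    break
                }
        }'
}

# seize_commands DCNAME: print (do not run) one seize command per held role.
seize_commands() {
    roles_held_by "$1" | while read -r role; do
        case "$role" in
            SchemaMasterRole)         arg=schema ;;
            InfrastructureMasterRole) arg=infrastructure ;;
            RidAllocationMasterRole)  arg=rid ;;
            PdcEmulationMasterRole)   arg=pdc ;;
            DomainNamingMasterRole)   arg=naming ;;
            DomainDnsZonesMasterRole) arg=domaindns ;;
            ForestDnsZonesMasterRole) arg=forestdns ;;
            *) continue ;;
        esac
        echo "samba-tool fsmo seize --role=$arg --force"
    done
}

printf '%s\n' "$SAMPLE_FSMO_SHOW" | seize_commands PDC
```

On a live DC, pipe the real output in instead of the sample, for example `samba-tool fsmo show | roles_held_by PDC`, and re-run it after seizing to confirm nothing is left on the old DC.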