On 11/07/16 21:43, Rowland penny wrote:> On 11/07/16 21:38, Jason Waters wrote: >> Didn't his second email show the output of fsmo show? Which showed >> all 7 roles. But you are correct, making sure things are actually >> there before he kills the old one is best! >> >> On Mon, Jul 11, 2016 at 4:13 PM, Rowland penny <rpenny at samba.org >> <mailto:rpenny at samba.org>> wrote: >> >> On 11/07/16 21:06, Jason Waters wrote: >> >> It did show that he had all 7 but that is a good point. I >> would shutdown the 2008 server and make sure users can login, >> etc.... >> >> >> I haven't seen the OP saying that the Samba DC is showing all >> the 7 FSMO roles and I would like to know. I need to know what, if >> anything, is different on an AD DC, DNS wise. >> >> Rowland >> >> >> >> > > Rats, I sometimes hate Thunderbird, it was hidden by a 'show quoted > text', yes it does look like his Samba DC has all the FSMO roles, > provided his Samba DC is called 'GTESTE2' > > RowlandOK, I did a bit of googling and it seems that this is not just a Samba problem, see here: https://social.technet.microsoft.com/Forums/scriptcenter/en-US/b1af276f-1a12-4a78-8ea3-f49ab04844ea/the-directory-service-is-missing-mandatory-configuration-information-and-is-unable-to-determine-the?forum=winserverDS Read right to the bottom, I think the answer is there. Rowland
Do you want to keep this 2008 machine in the mix? Or are you looking to move everything to samba? On Tue, Jul 12, 2016 at 8:14 AM, Rowland penny <rpenny at samba.org> wrote:> On 11/07/16 21:43, Rowland penny wrote: > >> On 11/07/16 21:38, Jason Waters wrote: >> >>> Didn't his second email show the output of fsmo show? Which showed all >>> 7 roles. But you are correct, making sure things are actually there before >>> he kills the old one is best! >>> >>> On Mon, Jul 11, 2016 at 4:13 PM, Rowland penny <rpenny at samba.org >>> <mailto:rpenny at samba.org>> wrote: >>> >>> On 11/07/16 21:06, Jason Waters wrote: >>> >>> It did show that he had all 7 but that is a good point. I >>> would shutdown the 2008 server and make sure users can login, >>> etc.... >>> >>> >>> I haven't seen the OP saying that the Samba DC is showing all >>> the 7 FSMO roles and I would like to know. I need to know what, if >>> anything, is different on an AD DC, DNS wise. >>> >>> Rowland >>> >>> >>> >>> >>> >> Rats, I sometimes hate Thunderbird, it was hidden by a 'show quoted >> text', yes it does look like his Samba DC has all the FSMO roles, provided >> his Samba DC is called 'GTESTE2' >> >> Rowland >> > > OK, I did a bit of googling and it seems that this is not just a Samba > problem, see here: > > > https://social.technet.microsoft.com/Forums/scriptcenter/en-US/b1af276f-1a12-4a78-8ea3-f49ab04844ea/the-directory-service-is-missing-mandatory-configuration-information-and-is-unable-to-determine-the?forum=winserverDS > > Read right to the bottom, I think the answer is there. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
I tried that fix and it did not work for me, but I do think I was in 2003 trying to do it. People were having issues using edsiedit to change that entry. The only entries that I was able to put in there was blank or or the machine I was on. I tried using ntsdutil.exe and was able to use it to change to the same two entries, not the new role owner! On Tue, Jul 12, 2016 at 8:19 AM, Jason Waters <jason at geeknocity.com> wrote:> Do you want to keep this 2008 machine in the mix? Or are you looking to > move everything to samba? > > On Tue, Jul 12, 2016 at 8:14 AM, Rowland penny <rpenny at samba.org> wrote: > >> On 11/07/16 21:43, Rowland penny wrote: >> >>> On 11/07/16 21:38, Jason Waters wrote: >>> >>>> Didn't his second email show the output of fsmo show? Which showed all >>>> 7 roles. But you are correct, making sure things are actually there before >>>> he kills the old one is best! >>>> >>>> On Mon, Jul 11, 2016 at 4:13 PM, Rowland penny <rpenny at samba.org >>>> <mailto:rpenny at samba.org>> wrote: >>>> >>>> On 11/07/16 21:06, Jason Waters wrote: >>>> >>>> It did show that he had all 7 but that is a good point. I >>>> would shutdown the 2008 server and make sure users can login, >>>> etc.... >>>> >>>> >>>> I haven't seen the OP saying that the Samba DC is showing all >>>> the 7 FSMO roles and I would like to know. I need to know what, if >>>> anything, is different on an AD DC, DNS wise. >>>> >>>> Rowland >>>> >>>> >>>> >>>> >>>> >>> Rats, I sometimes hate Thunderbird, it was hidden by a 'show quoted >>> text', yes it does look like his Samba DC has all the FSMO roles, provided >>> his Samba DC is called 'GTESTE2' >>> >>> Rowland >>> >> >> OK, I did a bit of googling and it seems that this is not just a Samba >> problem, see here: >> >> >> https://social.technet.microsoft.com/Forums/scriptcenter/en-US/b1af276f-1a12-4a78-8ea3-f49ab04844ea/the-directory-service-is-missing-mandatory-configuration-information-and-is-unable-to-determine-the?forum=winserverDS >> >> Read right to the bottom, I think the answer is there. >> >> Rowland >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > >
This is what I would do.
1. Make sure everything is off of the 2008 machine so you don't need to
turn it back on
2. Shut down the 2008 machine
2.5 Update your DNS on the samba machine to be the samba machine, not the
2008 DC
3. Test everything and make sure samba is fully working on your domain
4. Test everything again
5. Test!
6. Seize the roles on your samba machine, samba-tool fsmo seize --force
--role=all -Uadministrator
I don't think you need the -U, but just in case
7. Reboot that machine and make sure everything looks good
8. make sure samba-tool fsmo show, shows all 7 roles of the samba machine
9. From a workstation, run the Metadata clean.vbs script. This will remove
the replication to the now off 2008 DC
10. Reboot the samba box
11. run samba-tool drs showrepl and it shouldn't show any partners
12. Once that is done you should just have samba. You can then add more
DC's with
samba-tool domain join domain.local DC -UAdministrator
and any other options you need.
On Tue, Jul 12, 2016 at 8:24 AM, Anderson Hoffmann do Carmo <
anderson.hoffmann at gsurfnet.com> wrote:
> I want to move all to SAMBA and remove Windows DC from AD (no mix)
>
>
> Anderson Hoffmann do Carmo
> MCP | MTA | MCDST | MCTS | MCSA | MS | MOS |
> ITIL-F | ISFS | CLOUDF | CI-SCS | VCA-DCV |
>
>
>
> 2016-07-12 9:19 GMT-03:00 Jason Waters <jason at geeknocity.com>:
>
>> Do you want to keep this 2008 machine in the mix? Or are you looking
to
>> move everything to samba?
>>
>> On Tue, Jul 12, 2016 at 8:14 AM, Rowland penny <rpenny at
samba.org> wrote:
>>
>> > On 11/07/16 21:43, Rowland penny wrote:
>> >
>> >> On 11/07/16 21:38, Jason Waters wrote:
>> >>
>> >>> Didn't his second email show the output of fsmo show?
Which showed
>> all
>> >>> 7 roles. But you are correct, making sure things are
actually there
>> before
>> >>> he kills the old one is best!
>> >>>
>> >>> On Mon, Jul 11, 2016 at 4:13 PM, Rowland penny <rpenny
at samba.org
>> >>> <mailto:rpenny at samba.org>> wrote:
>> >>>
>> >>> On 11/07/16 21:06, Jason Waters wrote:
>> >>>
>> >>> It did show that he had all 7 but that is a good
point. I
>> >>> would shutdown the 2008 server and make sure users
can login,
>> >>> etc....
>> >>>
>> >>>
>> >>> I haven't seen the OP saying that the Samba DC
is showing all
>> >>> the 7 FSMO roles and I would like to know. I need to
know what, if
>> >>> anything, is different on an AD DC, DNS wise.
>> >>>
>> >>> Rowland
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >> Rats, I sometimes hate Thunderbird, it was hidden by a
'show quoted
>> >> text', yes it does look like his Samba DC has all the FSMO
roles,
>> provided
>> >> his Samba DC is called 'GTESTE2'
>> >>
>> >> Rowland
>> >>
>> >
>> > OK, I did a bit of googling and it seems that this is not just a
Samba
>> > problem, see here:
>> >
>> >
>> >
>>
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/b1af276f-1a12-4a78-8ea3-f49ab04844ea/the-directory-service-is-missing-mandatory-configuration-information-and-is-unable-to-determine-the?forum=winserverDS
>> >
>> > Read right to the bottom, I think the answer is there.
>> >
>> > Rowland
>> >
>> >
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions: https://lists.samba.org/mailman/options/samba
>> >
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
On 12/07/16 13:33, Jason Waters wrote:> This is what I would do. > > 1. Make sure everything is off of the 2008 machine so you don't need to > turn it back on > 2. Shut down the 2008 machine > 2.5 Update your DNS on the samba machine to be the samba machine, not the > 2008 DC > 3. Test everything and make sure samba is fully working on your domain > 4. Test everything again > 5. Test! > 6. Seize the roles on your samba machine, samba-tool fsmo seize --force > --role=all -Uadministrator > I don't think you need the -U, but just in caseYes you do, it is required if you are transferring or seizing the DNS FSMO roles.> 7. Reboot that machine and make sure everything looks good > 8. make sure samba-tool fsmo show, shows all 7 roles of the samba machine > 9. From a workstation, run the Metadata clean.vbs script. This will remove > the replication to the now off 2008 DCThis is what 'samba-tool domain demote --remove-other-dead-server=REMOVE_OTHER_DEAD_SERVER' does on Samba 4.4.0 up Rowland> 10. Reboot the samba box > 11. run samba-tool drs showrepl and it shouldn't show any partners > 12. Once that is done you should just have samba. You can then add more > DC's with > > samba-tool domain join domain.local DC -UAdministrator > > and any other options you need. > > >