Hello,

As far as I know, there is no Wiki article for transferring FSMO Roles to Server 2008 R2 DC. This article’s focus is on joining a Server 2012 DC to a Samba4 domain, but it touches on the subject: https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD

I would like to suggest a new wiki page be made for transferring FSMO Roles to Server 2008/2008 R2 DC specifically and have some notes to add to what is present in the 2012 joining page.

1. RE: The SysVol replication section: Robocopy based sysvol replication appears to only be for Samba4 -> Windows DC SysVol Replication, so I don’t think it is applicable if the FSMO is a Windows DC

2. RE: The SysVol Share section: The SysVol share doesn’t exist upon successful join of 2008/R2 DC, but the netlogon share also does not exist and this is not addressed in the article

3. RE: FSMO Roles section: This section references Transferring and seizing FSMO_Roles wiki article, which points to https://support.microsoft.com/en-us/kb/324801 to do this the MS way. This only addresses the first 5 roles shown in samba-tool fsmo show. In order to move DomainDnsZonesMasterRole and ForestDnsZonesMasterRole, the following steps are necessary:

To transfer the infrastructure master for application partitions:

Open ADSIEdit. Connect to the server you want to transfer the roles to (it is important, otherwise you'll get an error).

For domain DNS zones:
Connect to DC=DomainDnsZones,DC=yourdomain,DC=tld
Open the properties of the object CN=Infrastructure,DC=DomainDnsZones,DC=yourdomain,DC=tld
Change the attribute fSMORoleOwner to CN=NTDSSettings,CN=Name_of_DC,CN=Servers,CN=DRSite,CN=Sites,CN=Configuration,DC=Yourdomain,DC=TLD

For forest DNS zones:
Connect to DC=ForestDnsZones,DC=yourdomain,DC=tld and do the same.

Same for any other application partitions if they exist.

Source: https://social.technet.microsoft.com/Forums/windowsserver/en-US/b77a7e5c-590e-4d23-a9cb-8c4c0f403baf/forestdnszones-and-domaindnszones-have-wrong-infrastructure-role-record?forum=winserverDS

I have tested this process and it works to get all FSMO roles transferred to Windows Server 2008R2 DC.

Thomas Maerz
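
A post-transfer check for the procedure in the message above, as an added example that is not part of the original thread: it parses `samba-tool fsmo show` output and reports any of the seven roles, including the two DNS application-partition roles, that are not owned by the intended DC. The `Role owner: DN` line format, the DC names and the sample output are assumptions constructed for illustration.

```python
import re

# The five roles moved by the KB 324801 procedure, then the two that need
# the fSMORoleOwner edit on CN=Infrastructure in each DNS partition.
CLASSIC_ROLES = ("SchemaMasterRole", "InfrastructureMasterRole",
                 "RidAllocationMasterRole", "PdcEmulationMasterRole",
                 "DomainNamingMasterRole")
DNS_ROLES = ("DomainDnsZonesMasterRole", "ForestDnsZonesMasterRole")
ALL_ROLES = CLASSIC_ROLES + DNS_ROLES

# Assumed output format: "<Role> owner: <NTDS Settings DN of the owning DC>".
LINE_RE = re.compile(r"^(\w+Role) owner: (.+)$")
# Accepts "NTDS Settings" and the "NTDSSettings" spelling used in the thread.
SERVER_RE = re.compile(r"^CN=NTDS ?Settings,CN=([^,]+),CN=Servers,", re.I)

def sample_dn(server):
    """Constructed owner DN using the thread's placeholder domain."""
    return ("CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,"
            "CN=Sites,CN=Configuration,DC=yourdomain,DC=tld" % server)

# Constructed sample: only the five classic roles were moved from a Samba DC
# (SAMBADC1, hypothetical) to the Windows DC (WIN2008R2, hypothetical).
SAMPLE = "\n".join(
    "%s owner: %s" % (r, sample_dn("SAMBADC1" if r in DNS_ROLES else "WIN2008R2"))
    for r in ALL_ROLES)

def parse_fsmo_show(text):
    """Return {role: owning DC name, upper-cased}; None if the DN is unparsable."""
    owners = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip banners, warnings, blank lines
        role, dn = m.groups()
        s = SERVER_RE.match(dn)
        owners[role] = s.group(1).upper() if s else None
    return owners

def check_transfer(text, target_dc):
    """Return (stale, missing): roles not on target_dc, and roles not reported."""
    owners = parse_fsmo_show(text)
    stale = {r: o for r, o in owners.items() if o != target_dc.upper()}
    missing = sorted(set(ALL_ROLES) - set(owners))
    return stale, missing

if __name__ == "__main__":
    stale, missing = check_transfer(SAMPLE, "WIN2008R2")
    for role, owner in stale.items():
        print("NOT TRANSFERRED: %s still owned by %s" % (role, owner))
    for role in missing:
        print("NOT REPORTED: %s" % role)
```

A role that appears in neither list is owned by the target DC; a role in `missing` means the tool did not report it at all, which needs a direct look at the partition's `CN=Infrastructure` object.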
Hello Thomas,

On 18.10.2016 at 19:00, Thomas Maerz via samba wrote:
> As far as I know, there is no Wiki article for transferring
> FSMO Roles to Server 2008 R2 DC.

We have:
https://wiki.samba.org/index.php/Transfering_and_Seizing_FSMO_Roles#Windows_FSMO_Role_Management

> I would like to suggest a new wiki page be made for
> transferring FSMO Roles to Server 2008/2008 R2 DC
> specifically and have some notes to add to what is
> present in the 2012 joining page.
>
> 1. RE: The SysVol replication section: Robocopy based sysvol
> replication appears to only be for Samba4 -> Windows
> DC SysVol Replication, so I don’t think it
> is applicable if the FSMO is a Windows DC

It's just a suggestion to use the DC with this role. You can use any other DC as well. It doesn't make sense to transfer the role for this.

> 2. RE: The SysVol Share section: The SysVol share doesn’t
> exist upon successful join of 2008/R2 DC, but the netlogon
> share also does not exist and this is not
> addressed in the article

How is this related to FSMO roles?
What is necessary to make the share appear?

> 3. RE: FSMO Roles section: This section references Transferring
> and seizing FSMO_Roles wiki article, which points to
> https://support.microsoft.com/en-us/kb/324801 to do
> this the MS way.
> This only addresses the first 5 roles shown in samba-tool
> fsmo show. In order to move DomainDnsZonesMasterRole
> and ForestDnsZonesMasterRole, the following steps are necessary:
> ...

Isn't this something users find in Windows documentation? This is not something special caused by Samba.

I vote for not documenting things that are pure Windows and don't require anything special because of Samba behavior.

Regards,
Marc
On Tue, 18 Oct 2016 22:28:29 +0200
Marc Muehlfeld via samba <samba at lists.samba.org> wrote:

> Hello Thomas,
>
> On 18.10.2016 at 19:00, Thomas Maerz via samba wrote:
> > As far as I know, there is no Wiki article for transferring
> > FSMO Roles to Server 2008 R2 DC.
>
> We have:
> https://wiki.samba.org/index.php/Transfering_and_Seizing_FSMO_Roles#Windows_FSMO_Role_Management
>

I wondered whether I should post something on this, never having tried the code against a Windows DC, I didn't know if it would work. I cannot see any reason why it wouldn't work, after all, the changes are made in AD. If it does work for the first 5 of the roles, it should work for the other two and paraphrasing what it says in those annoying Surface ads, you can't do that on a Windows PC!

> > I would like to suggest a new wiki page be made for
> > transferring FSMO Roles to Server 2008/2008 R2 DC
> > specifically and have some notes to add to what is
> > present in the 2012 joining page.
> >
> > 1. RE: The SysVol replication section: Robocopy based sysvol
> > replication appears to only be for Samba4 -> Windows
> > DC SysVol Replication, so I don’t think it
> > is applicable if the FSMO is a Windows DC
>
> It's just a suggestion to use the DC with this role. You can use any
> other DC as well. It doesn't make sense to transfer the role for this.
>

Totally agree

> > 2. RE: The SysVol Share section: The SysVol share doesn’t
> > exist upon successful join of 2008/R2 DC, but the netlogon
> > share also does not exist and this is not
> > addressed in the article
>
> How is this related to FSMO roles?
> What is necessary to make the share appear?
>
> > 3. RE: FSMO Roles section: This section references Transferring
> > and seizing FSMO_Roles wiki article, which points to
> > https://support.microsoft.com/en-us/kb/324801 to do
> > this the MS way.
> > This only addresses the first 5 roles shown in samba-tool
> > fsmo show. In order to move DomainDnsZonesMasterRole
> > and ForestDnsZonesMasterRole, the following steps are necessary:
> > ...
>
> Isn't this something users find in Windows documentation? This is not
> something special caused by Samba.

As I said, this is something you can do on a Samba DC, but not on a Windows DC.

> I vote for not documenting things that are pure Windows and don't
> require anything special because of Samba behavior.

There shouldn't be anything on the Samba wiki that isn't directly or indirectly relevant to Samba, anything purely about Windows is not relevant.

Rowland

> Regards,
> Marc
Hi,

Would you mind telling me which version of samba are you using to transfer the FSMO roles? Seems I cannot transfer using Samba 4.5.1.

Thanks.

Best,
Kelvin Yip

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Thomas Maerz via samba
Sent: Wednesday, October 19, 2016 1:00 AM
To: samba <samba at lists.samba.org>
Subject: [Samba] Transferring FSMO Roles to Server 2008 R2 DC