On Mon, 2016-12-12 at 19:45 +0000, Rowland Penny via samba wrote:> You seem to be missing two FSMO roles: > > > DomainDnsZonesMasterRole > > > ForestDnsZonesMasterRole > > > Just what version of Samba are you using ? > > My Samba 4.5.2 domain also appears to be missing these roles. > > Can I simply seize these roles? > > [root at larkin27 ~]# samba-tool fsmo show > > SchemaMasterRole owner: CN=NTDS > > Settings,CN=TEMP2008R2DC,CN=Servers,.. > > InfrastructureMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > > RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > > PdcEmulationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,,... > > DomainNamingMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > > DomainDnsZonesMasterRole has no current owner > > ForestDnsZonesMasterRole has no current owner > Yes, you should be able to, there was a problem like yours reported > earlier and that cured it.Initially, it appears to have worked. [root at larkin27 ~]# samba-tool fsmo seize --role=domaindns Seizing domaindns FSMO role... FSMO seize of 'domaindns' role successful [root at larkin27 ~]# samba-tool fsmo seize --role=forestdns Seizing forestdns FSMO role... FSMO seize of 'forestdns' role successful [root at larkin27 ~]# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=TEMP2008R2DC,... InfrastructureMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... PdcEmulationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... DomainNamingMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... It shows the same on one of the S4 DCs, but the DomainDnsZonesMasterRole still shows as "no current owner" on the third S4 DC [all Sernet 4.5.2]. Argh. [root at larkin28 ~]# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=TEMP2008R2DC,... InfrastructureMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... PdcEmulationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... DomainNamingMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... DomainDnsZonesMasterRole has no current owner ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA
On Tue, 13 Dec 2016 08:38:16 -0500 Adam Tauno Williams <awilliam at whitemice.org> wrote:> On Mon, 2016-12-12 at 19:45 +0000, Rowland Penny via samba wrote: > > You seem to be missing two FSMO roles: > > > > DomainDnsZonesMasterRole > > > > ForestDnsZonesMasterRole > > > > Just what version of Samba are you using ? > > > My Samba 4.5.2 domain also appears to be missing these roles. > > > Can I simply seize these roles? > > > [root at larkin27 ~]# samba-tool fsmo show > > > SchemaMasterRole owner: CN=NTDS > > > Settings,CN=TEMP2008R2DC,CN=Servers,.. > > > InfrastructureMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > > > RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > > > PdcEmulationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,,... > > > DomainNamingMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > > > DomainDnsZonesMasterRole has no current owner > > > ForestDnsZonesMasterRole has no current owner > > Yes, you should be able to, there was a problem like yours reported > > earlier and that cured it. > > Initially, it appears to have worked. > > [root at larkin27 ~]# samba-tool fsmo seize --role=domaindns > Seizing domaindns FSMO role... > FSMO seize of 'domaindns' role successful > [root at larkin27 ~]# samba-tool fsmo seize --role=forestdns > Seizing forestdns FSMO role... > FSMO seize of 'forestdns' role successful > [root at larkin27 ~]# samba-tool fsmo show > SchemaMasterRole owner: CN=NTDS Settings,CN=TEMP2008R2DC,... > InfrastructureMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > PdcEmulationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > DomainNamingMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > > It shows the same on one of the S4 DCs, but the > DomainDnsZonesMasterRole still shows as "no current owner" on the > third S4 DC [all Sernet 4.5.2]. Argh. > > [root at larkin28 ~]# samba-tool fsmo show > SchemaMasterRole owner: CN=NTDS Settings,CN=TEMP2008R2DC,... > InfrastructureMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > PdcEmulationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > DomainNamingMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... > DomainDnsZonesMasterRole has no current owner > ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... >You could try checking the database on the third DC, 'samba-tool dbcheck --help' for more info. You could also try forcing replication to the third DC, 'samba-tool drs replicate --help' for more info. Rowland
> > Initially, it appears to have worked. ... > > It shows the same on one of the S4 DCs, but the > > DomainDnsZonesMasterRole still shows as "no current owner" on the > > third S4 DC [all Sernet 4.5.2]. Argh. > You could try checking the database on the third DC, 'samba-tool > dbcheck --help' for more info. > You could also try forcing replication to the third DC, 'samba-tool > drs replicate --help' for more info.The full-sync reports success, but the issue is not resolved on the third DC. [root at larkin28 ~]# samba-tool drs replicate --full-sync larkin28.micore.us larkin27.micore.us DC=micore,DC=us Replicate from larkin27.micore.us to larkin28.micore.us was successful. [root at larkin28 ~]# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=TEMP2008R2DC,... InfrastructureMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... PdcEmulationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... DomainNamingMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... DomainDnsZonesMasterRole has no current owner ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA