I have been replacing some "old" hardware and have demoted two DC's with 'samba-tool' as per the Samba wiki demotion page.

When running Louis' "samba-info.sh" script, that script still finds the presence of the old, now demoted DC hostnames. Further investigation thru RSAT (W10) found the demoted both DC's still listed under the ADUC>Computers (along with all the other pc's on the AD) despite their having been demoted. (They were, however, not listed as the active DC's, simply computers still included in the AD. And, I will add here that they have been physically turned off and still appear as part of the group of computers associated with the AD.)

Also, under the RSAT >> "Active Directory Sites and Services" lists all four DC's, the two demoted DC's as well as the currently active DC's.

Not that there appears to be any issue with the script but, the results prompted looking deeper.

So, the bigger question is, demotion of a DC does not necessarily "completely remove" the DC from the AD site? There is a need to access, via RSAT, to complete the demotion?

--
Bob Wooden

On Mon, 3 Jul 2017 07:42:58 -0500 Robert Wooden via samba <samba at lists.samba.org> wrote:

> I have been replacing some "old" hardware and have demoted two DC's
> with 'samba-tool' as per the Samba wiki demotion page.
>
> When running Louis' "samba-info.sh" script, that script still finds
> the presence of the old, now demoted DC hostnames. Further
> investigation thru RSAT (W10) found the demoted both DC's still
> listed under the
> ADUC>Computers (along with all the other pc's on the AD) despite their
> having been demoted. (They were, however, not listed as the active
> DC's, simply computers still included in the AD. And, I will add here
> that they have been physically turned off and still appear as part of
> the group of computers associated with the AD.)
>
> Also, under the RSAT >> "Active Directory Sites and Services" lists
> all four DC's, the two demoted DC's as well as the currently active
> DC's.
>
> Not that there appears to be any issue with the script but, the
> results prompted looking deeper.
>
> So, the bigger question is, demotion of a DC does not necessarily
> "completely remove" the DC from the AD site? There is a need to
> access, via RSAT, to complete the demotion?
>

I think the bigger question here is, where are the DCs stored in AD?

Are they in 'OU=Domain Controllers,DC=samdom,DC=example,DC=com'

Or 'CN=Computers,DC=samdom,DC=example,DC=com'

Rowland

On Tue, 4 Jul 2017 10:58:40 -0500 Robert Wooden <bob at donelsontrophy.com> wrote:

> Due to an unrelated incident I was forced to restart the DC. Further
> review sees that the "CNAME" and "NS" issues are gone.
>
> The only issue remaining is changing the "SOA" hostname to the
> current DC.
>
> Simpler suggestion than what I had asked for in the initial email.
>
> How do I change the SOA record?
>

OK, to add a dns record with samba-tool you need to follow this usage:

    samba-tool dns add <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>

Deleting a record is exactly the same, you just replace 'add' with 'delete'

So, to delete or add a SOA record, you need to use something like this:

    samba-tool dns delete 127.0.0.1 dtshrm.dt @ NS dc03.dtshrm.dt

Rowland

Is there a way to list all the current entries with samba-tool? Use it as a way to check what is happening?

On Tue, Jul 4, 2017 at 11:15 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Tue, 4 Jul 2017 10:58:40 -0500
> Robert Wooden <bob at donelsontrophy.com> wrote:
>
> > Due to an unrelated incident I was forced to restart the DC. Further
> > review sees that the "CNAME" and "NS" issues are gone.
> >
> > The only issue remaining is changing the "SOA" hostname to the
> > current DC.
> >
> > Simpler suggestion than what I had asked for in the initial email.
> >
> > How do I change the SOA record?
> >
>
> OK, to add a dns record with samba-tool you need to follow this usage:
>
> samba-tool dns add <server> <zone> <name>
> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>
> Deleting a record is exactly the same, you just replace 'add' with
> 'delete'
>
> So, to delete or add a SOA record, you need to use something
> like this:
>
> samba-tool dns delete 127.0.0.1 dtshrm.dt @ NS dc03.dtshrm.dt
>
> Rowland
>

--
Bob Wooden
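
Added example, not part of the thread: a shell function that scans the text printed by `samba-tool dns query <server> <zone> @ ALL` for records that still name a demoted DC, which is one way to do the check asked about above. The sample output is constructed and its layout is an assumption based on typical `samba-tool` output; `dc05` and the 192.0.2.x addresses are made up, and `dc03.dtshrm.dt` (the name from the delete command in the thread) is treated as the demoted host only for the sake of the sample.

```shell
#!/bin/sh
# Added example (not from the thread). Live use, on a DC:
#   samba-tool dns query 127.0.0.1 dtshrm.dt @ ALL | stale_records dc03.dtshrm.dt

# Constructed sample of `samba-tool dns query ... @ ALL` output (assumed layout).
sample_query_output() {
cat <<'EOF'
  Name=, Records=4, Children=0
    SOA: serial=42, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc03.dtshrm.dt., email=hostmaster.dtshrm.dt. (flags=600000f0, serial=42, ttl=3600)
    NS: dc05.dtshrm.dt. (flags=600000f0, serial=42, ttl=900)
    NS: dc03.dtshrm.dt. (flags=600000f0, serial=40, ttl=900)
    A: 192.0.2.15 (flags=600000f0, serial=42, ttl=900)
  Name=dc05, Records=1, Children=0
    A: 192.0.2.15 (flags=f0, serial=42, ttl=900)
  Name=olddc, Records=1, Children=0
    CNAME: DC03.dtshrm.dt. (flags=f0, serial=12, ttl=900)
  Name=xdc03, Records=1, Children=0
    CNAME: xdc03.dtshrm.dt.example. (flags=f0, serial=12, ttl=900)
EOF
}

# stale_records HOST: read query output on stdin and print "<name> <type>"
# for every record whose data contains HOST as a whole hostname token
# (case-insensitive, trailing dot ignored, no substring matches).
stale_records() {
    awk -v host="$1" '
        BEGIN { h = tolower(host); sub(/\.$/, "", h) }
        /^[ \t]*Name=/ {                      # node header: remember the record name
            name = $0
            sub(/^[ \t]*Name=/, "", name)
            sub(/,.*$/, "", name)
            if (name == "") name = "@"        # empty name is the zone apex
            next
        }
        /^[ \t]+[A-Z]+: / {                   # record line: "<TYPE>: <data> (flags=...)"
            rec = $0
            sub(/^[ \t]+/, "", rec)
            type = rec; sub(/:.*$/, "", type)
            sub(/^[A-Z]+: /, "", rec)
            sub(/ \(flags=.*$/, "", rec)      # drop the trailing metadata
            n = split(rec, tok, /[ ,=()]+/)
            for (i = 1; i <= n; i++) {
                t = tolower(tok[i]); sub(/\.$/, "", t)
                if (t == h) { print name, type; break }
            }
        }'
}

sample_query_output | stale_records dc03.dtshrm.dt
```

Each line it prints is a record name and type to review; an empty result means no record in that listing names the host.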