Hi Pietro,
I noticed this problem removing a Windows DC the other day. I've sent a
patch to the samba-technical mailing list that should fix this.
https://lists.samba.org/archive/samba-technical/2018-June/128703.html
I also raised a bug for it: https://bugzilla.samba.org/show_bug.cgi?id=13484
The patch should hopefully be delivered soon. If you feel comfortable
patching the Samba code yourself, you could apply the change yourself
(it's very minor). Otherwise, you could wait a day or two until it's
delivered to master, and then clone the latest samba.git.
Once the change is applied, re-running the 'samba-tool domain demote
--remove-other-dead-server' command should work.
Thanks,
Tim
On 23/06/18 02:55, Pietro Stäheli via samba wrote:> Hi,
>
> On 20/06/2018 20:38, Andrew Bartlett wrote:
>> To be clear, we don't replicate sysvol, you need to work that out
>> yourself (yes, this sucks).
>>
>
> Right, I'm doing that with Robocopy from the Windows DC initially,
> then with rsync.
>
>>> Is there any further preparation I need to do on the Windows server
>>> side
>>> to make a clean demotion possible? I can force the removal of the
>>> Windows DC but this led to leftover data in the LDAP database and
DNS
>>> that I have to excise by hand, which I don't find ideal.
>>>
>>> I'm thankful for any advice on how to accomplish this.
>>
>> samba-tool domain demote --remove-other-dead-server
>>
>
> Unfortunately this causes the following error:
>
> # samba-tool domain demote --remove-other-dead-server=DC
> Removing nTDSConnection:
> CN=6e15b4f5-1863-4259-8817-c7835ed7815e,CN=NTDS
>
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan
> Removing nTDSDSA: CN=NTDS
>
Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan
> (and any children)
> ERROR(ldb): uncaught exception - subtree_delete: Unable to delete a
> non-leaf node (it has 1 children)!
> File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
line
> 721, in run
> remove_dc.remove_dc(samdb, logger, remove_other_dead_server)
> File "/usr/lib/python2.7/dist-packages/samba/remove_dc.py",
line
> 422, in remove_dc
> remove_dns_account=True)
> File "/usr/lib/python2.7/dist-packages/samba/remove_dc.py",
line
> 350, in offline_remove_ntds_dc
> remove_dns_account=remove_dns_account)
> File "/usr/lib/python2.7/dist-packages/samba/remove_dc.py",
line
> 229, in offline_remove_server
> samdb.delete(server_dn)
> A transaction is still active in ldb context [0x560a67adb490] on
> tdb:///var/lib/samba/private/sam.ldb
>
> (never mind that this is now on DC1, not DC3, I've torn down the test
> environment a few times)
>
> Manual removal of
>
'CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan'
> in ADSIEdit didn't go well and caused all replication to break at some
> point. I must be missing something here but I can't quite figure out
> what exactly.
>
> Best regards,
> Pietro Stäheli
>