Hi, This way don't works too. root at samba4-dc:~# samba-tool fsmo transfer --role=forestdns -Uadministrator Password for [EMPRESA\administrator]: ERROR: Failed to add role 'forestdns': LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <000020AE: SvcErr: DSID-03152BF7, problem 5003 (WILL_NOT_PERFORM), data 0> <>root at samba4-dc:~# samba-tool fsmo transfer --role=domaindns -Uadministrator Password for [EMPRESA\administrator]: ERROR: Failed to add role 'domaindns': LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <000020AE: SvcErr: DSID-03152BF7, problem 5003 (WILL_NOT_PERFORM), data 0 Regards, M?rcio Bacci Em dom, 4 de ago de 2019 ?s 11:19, miguel medalha <medalist at sapo.pt> escreveu:> > > I'm having trouble transferring FSMO roles "DOMAINDNS" and FORESTDNS with > > below showing: > > > > samba-tool fsmo transfer --role=domaindns > > ERROR: Failed to delete role 'domaindns': LDAP error 50 > > LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: SecErr: DSID-031523E0, > > problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 > > To do that with samba-tool, I suppose that you need to use the switch > --U Administrator and enter Administrator's password. > >
On 04/08/2019 15:21, Marcio Demetrio Bacci via samba wrote:> Hi, > > This way don't works too. > > root at samba4-dc:~# samba-tool fsmo transfer --role=forestdns -Uadministrator > Password for [EMPRESA\administrator]: > ERROR: Failed to add role 'forestdns': LDAP error 53 > LDAP_UNWILLING_TO_PERFORM - <000020AE: SvcErr: DSID-03152BF7, problem 5003 > (WILL_NOT_PERFORM), data 0Well that is how it is supposed to work, in fact, if you enter 'samba-tool fsmo transfer --help' it prints amongst the output: --role=ROLE?????????? The FSMO role to seize or transfer. ??????????????????????? ....................... ??????????????????????? ..................... ??????????????????????? ................. ??????????????????????? .............. ??????????????????????? domaindns=DomainDnsZonesMasterRole ??????????????????????? forestdns=ForestDnsZonesMasterRole all=all of the ??????????????????????? above? You must provide an Admin user and password. So, even though it shouldn't matter, try it with '-U Administrator' I take it that Administrator exists (hasn't been renamed or removed) and you are using the correct password, I also hope that you haven't given Administrator a uidNumber attribute. Rowland
Hi>I take it that Administrator exists (hasn't been renamed or removed) andyou are using the correct password, Administrator exists and marcio too. Passwords is correct: samba-tool fsmo transfer --role=domaindns -Uadministrator * The 'domaindns' role does not have an FSMO roleowner samba-tool fsmo transfer --role=domaindns -'U administrator' * The 'domaindns' role does not have an FSMO roleowner samba-tool fsmo transfer --role=domaindns -Umarcio * The 'domaindns' role does not have an FSMO roleowner> I also hope that you haven't given Administrator a uidNumber attribute.Administrator haven't uidNumber attribute Regards, M?rcio Bacci Em dom, 4 de ago de 2019 ?s 12:17, Rowland penny via samba < samba at lists.samba.org> escreveu:> On 04/08/2019 15:21, Marcio Demetrio Bacci via samba wrote: > > Hi, > > > > This way don't works too. > > > > root at samba4-dc:~# samba-tool fsmo transfer --role=forestdns > -Uadministrator > > Password for [EMPRESA\administrator]: > > ERROR: Failed to add role 'forestdns': LDAP error 53 > > LDAP_UNWILLING_TO_PERFORM - <000020AE: SvcErr: DSID-03152BF7, problem > 5003 > > (WILL_NOT_PERFORM), data 0 > > Well that is how it is supposed to work, in fact, if you enter > 'samba-tool fsmo transfer --help' it prints amongst the output: > > --role=ROLE The FSMO role to seize or transfer. > ....................... > ..................... > ................. > .............. > domaindns=DomainDnsZonesMasterRole > forestdns=ForestDnsZonesMasterRole all=all of the > above You must provide an Admin user and > password. > > So, even though it shouldn't matter, try it with '-U Administrator' > > I take it that Administrator exists (hasn't been renamed or removed) and > you are using the correct password, I also hope that you haven't given > Administrator a uidNumber attribute. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Maybe the output of 'samba-tool fsmo transfer --help' should include the -U parameter...> (...) if you enter 'samba-tool fsmo transfer --help' it prints amongst > the output: > > --role=ROLE?????????? The FSMO role to seize or transfer. > ??????????????????????? ....................... > ??????????????????????? ..................... > ??????????????????????? ................. > ??????????????????????? .............. > ??????????????????????? domaindns=DomainDnsZonesMasterRole > ??????????????????????? forestdns=ForestDnsZonesMasterRole all=all of the > ??????????????????????? above? You must provide an Admin user and > password. > > So, even though it shouldn't matter, try it with '-U Administrator' >Maybe the output of 'samba-tool fsmo transfer --help' should include the -U parameter and its purpose in the current context...