Hello,

I am in the process of upgrading one single DC (internal DNS) to 4.8.12.

I have followed the procedure of adding a new DC, transfer FSMO roles and demote the old DC.
Everything went right (except at the transfer FSMO step where I faced the problem described here https://lists.samba.org/archive/samba/2017-August/210140.html , this bug subsists in 4.8.12, maybe it has been fixed in a later release? At the end, I have all roles transferred OK to the new DC).

After the demote step, I followed the wiki https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC#Verifying_the_Demotion , and manually deleted all references to the old DC from the DNS manager.
Nevertheless, I still have some references to the old DC in the Forward Lookup Zone: "(same as parent folder) Start Of Authority" and "(same as parent folder) Name Server".
I only have a "Properties" menu for these entries, so I cannot delete these manually.

I have the same entries in the _msdcs and Reverse Lookup Zone.

First question:
How can I delete these entries to remove any reference to the old DC?

Second question:
I have only one SOA entry, and this one refers to the old DC. Is it safe to manually modify its properties with the new DC data? If not, how can I correct this?

Thanks in advance for your help.

Henri
On 05/08/2019 07:48, henri transfert via samba wrote:
> Hello,
>
> I am in the process of upgrading one single DC (internal DNS) to 4.8.12.
>
> I have followed the procedure of adding a new DC, transfer FSMO roles and
> demote the old DC.
> Everything went right (except at the transfer FSMO step where I faced the
> problem described here
> https://lists.samba.org/archive/samba/2017-August/210140.html , this bug
> subsists in 4.8.12, maybe it has been fixed in a later release? At the end,
> I have all roles transferred OK to the new DC).
>
> After the demote step, I followed the wiki
> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC#Verifying_the_Demotion
> , and manually deleted all references to the old DC from the DNS manager.
> Nevertheless, I still have some references to the old DC in the Forward
> Lookup Zone: "(same as parent folder) Start Of Authority" and "(same as
> parent folder) Name Server".
> I only have a "Properties" menu for these entries, so I cannot delete these
> manually.
>
> I have the same entries in the _msdcs and Reverse Lookup Zone.
>
> First question:
> How can I delete these entries to remove any reference to the old DC?
>
> Second question:
> I have only one SOA entry, and this one refers to the old DC. Is it safe to
> manually modify its properties with the new DC data? If not, how can I
> correct this?
>
> Thanks in advance for your help.
>
> Henri

There are two schools of thought here, you can do what you have done and add a new DC to upgrade, but this has its problem, as you have found. You have to remove all references of the old DC etc. You are also depleting the ridpool, every time you add a new DC, it gets its own portion of the ridpool, do this often enough and you will deplete the ridpool.

The other school of thought is to upgrade in place, doing it this way means that you do not have to change anything, this is the way I do it, without problem, of course YMMV ;-)

You should have used 'samba-tool domain demote --remove-other-dead-server=<The _Old_DC>'

You will probably have to trawl through sam.ldb and find the records that need to be removed and then try and remove them with samba-tool and/or ldb-tools.
You will need to add your new DC to the SOA before removing the old DC's record.

Rowland
Thanks for your answer Rowland.

That's bad news since the new DC is now in production and I can't take the risk of breaking anything.

Reply inline:

> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On behalf of Rowland penny
> via samba
> Sent: Monday, 5 August 2019 11:18
> To: samba at lists.samba.org
> Subject: Re: [Samba] DNS state after upgrading samba
>
> On 05/08/2019 07:48, henri transfert via samba wrote:
> > Hello,
> >
> > I am in the process of upgrading one single DC (internal DNS) to 4.8.12.
> >
> > I have followed the procedure of adding a new DC, transfer FSMO roles
> > and demote the old DC.
> > Everything went right (except at the transfer FSMO step where I faced
> > the problem described here
> > https://lists.samba.org/archive/samba/2017-August/210140.html , this
> > bug subsists in 4.8.12, maybe it has been fixed in a later release? At
> > the end, I have all roles transferred OK to the new DC).
> >
> > After the demote step, I followed the wiki
> > https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC#Verifying_the_Demotion , and
> > manually deleted all references to the old DC from the DNS manager.
> > Nevertheless, I still have some references to the old DC in the
> > Forward Lookup Zone: "(same as parent folder) Start Of Authority" and
> > "(same as parent folder) Name Server".
> > I only have a "Properties" menu for these entries, so I cannot delete
> > these manually.
> >
> > I have the same entries in the _msdcs and Reverse Lookup Zone.
> >
> > First question:
> > How can I delete these entries to remove any reference to the old DC?
> >
> > Second question:
> > I have only one SOA entry, and this one refers to the old DC. Is it
> > safe to manually modify its properties with the new DC data? If not,
> > how can I correct this?
> >
> > Thanks in advance for your help.
> >
> > Henri
>
> There are two schools of thought here, you can do what you have done and
> add a new DC to upgrade, but this has its problem, as you have found.
> You have to remove all references of the old DC etc. You are also depleting
> the ridpool, every time you add a new DC, it gets its own portion of the
> ridpool, do this often enough and you will deplete the ridpool.
>
> The other school of thought is to upgrade in place, doing it this way means
> that you do not have to change anything, this is the way I do it, without
> problem, of course YMMV ;-)
>
> You should have used 'samba-tool domain demote --remove-other-dead-server=<The _Old_DC>'

I trusted the demoting procedure on the Wiki. I thought it was OK since my old DC was online and OK. I guess it is too late to do that one now?

> You will probably have to trawl through sam.ldb and find the records that
> need to be removed and then try and remove them with samba-tool and/or
> ldb-tools.
> You will need to add your new DC to the SOA before removing the old DC's
> record.

I think I will need help for all that.

As far as I understand, this is the first step: adding the new DC to the SOA. Can I do that from the RSAT DNS Console?
Is it possible to modify the SOA by replacing the Primary Server with the new DC on the SOA tab, and removing the old DC from the list of Name Servers in the Name Servers tab?

Thanks

Henri

> Rowland