Stefan G. Weichinger
2019-Nov-26 20:54 UTC
[Samba] 4.9.x -> 4.10.x : any major things to consider?
On 26.11.19 at 21:37, Rowland penny via samba wrote:
> Ah, that could be worded better ;-)
>
> What it means is:
>
> If a DC fails for some reason and is stopped and then demoted on another
> DC (the failed DC is no longer a DC), you must not simply fix the old DC
> and restart it. This is because the domain no longer recognises the
> demoted DC, but it will still think it is a DC and will try to replicate
> to and from the domain, this will destroy your domain.

So if I not only fix DC-old but install it from scratch (= clean /var/lib/samba ... anything else?) that will work?
Rowland penny
2019-Nov-26 21:02 UTC
[Samba] 4.9.x -> 4.10.x : any major things to consider?
On 26/11/2019 20:54, Stefan G. Weichinger via samba wrote:
> On 26.11.19 at 21:37, Rowland penny via samba wrote:
>
>> Ah, that could be worded better ;-)
>>
>> What it means is:
>>
>> If a DC fails for some reason and is stopped and then demoted on another
>> DC (the failed DC is no longer a DC), you must not simply fix the old DC
>> and restart it. This is because the domain no longer recognises the
>> demoted DC, but it will still think it is a DC and will try to replicate
>> to and from the domain, this will destroy your domain.
> So if I not only fix DC-old but install it from scratch (= clean
> /var/lib/samba ... anything else?) that will work?
>
>

If you can fix a DC within a short time and do not demote it, you can restart it.

If you cannot fix a DC and demote it, you should start again and re-join it as a new DC (even if it does have the same hostname etc).

Never remotely demote a DC and then restart it without re-joining it to the domain.

Rowland
Stefan G. Weichinger
2019-Nov-26 21:06 UTC
[Samba] 4.9.x -> 4.10.x : any major things to consider?
On 26.11.19 at 22:02, Rowland penny via samba wrote:
> On 26/11/2019 20:54, Stefan G. Weichinger via samba wrote:
>> On 26.11.19 at 21:37, Rowland penny via samba wrote:
>>
>>> Ah, that could be worded better ;-)
>>>
>>> What it means is:
>>>
>>> If a DC fails for some reason and is stopped and then demoted on another
>>> DC (the failed DC is no longer a DC), you must not simply fix the old DC
>>> and restart it. This is because the domain no longer recognises the
>>> demoted DC, but it will still think it is a DC and will try to replicate
>>> to and from the domain, this will destroy your domain.
>> So if I not only fix DC-old but install it from scratch (= clean
>> /var/lib/samba ... anything else?) that will work?
>>
>>
> If you can fix a DC within a short time and do not demote it, you can
> restart it.
>
> If you cannot fix a DC and demote it, you should start again and re-join
> it as a new DC (even if it does have the same hostname etc).
>
> Never remotely demote a DC and then restart it without re-joining it to
> the domain.

Ok, so I will

* demote it remotely
* scratch adc2:/var/lib/samba
* follow https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

and come back here ;-)