Actually I googled and I remember I used this before..
Wouldn?t it make sense to either prompt for a user with sufficient rights or
improve the wording to - are you domain admin?
With -UAdministrator worked ?
Thanks, Joachim
-----Urspr?ngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny
via samba
Gesendet: Wednesday, 16 December 2020 19:56
An: samba at lists.samba.org
Betreff: Re: [Samba] transferring fsmo
On 16/12/2020 18:46, Joachim Lindenberg via samba wrote:> Hello,
>
> I just tried to transfer all fsmo roles by
>
> samba-tool fsmo transfer --role=all
>
> and got:
>
> FSMO transfer of 'rid' role successful
>
> FSMO transfer of 'pdc' role successful
>
> FSMO transfer of 'naming' role successful
>
> FSMO transfer of 'infrastructure' role successful
>
> FSMO transfer of 'schema' role successful
>
> ERROR: Failed to add role 'domaindns': LDAP error 50
> LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: Object
> CN=Infrastructure,DC=DomainDnsZones,DC=samba,DC=lindenberg,DC=one has
> no write property access
>
I take it that you didn't run 'samba-tool fsmo transfer --help'
where it shows (amongst others) this:
--role=ROLE The FSMO role to seize or transfer.
rid=RidAllocationMasterRole schema=SchemaMasterRole
pdc=PdcEmulationMasterRole
naming=DomainNamingMasterRole
infrastructure=InfrastructureMasterRole
domaindns=DomainDnsZonesMasterRole
forestdns=ForestDnsZonesMasterRole all=all of the
above You must provide an Admin user and password.
Try reading the last line ?
It only really applies to the dns roles.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba