samba - Feb 2021 - samba-tool join error : NO DNS zone information found in source domain, not replicating DNS

On 18/02/2021 06:54, Dr. Hansj?rg Maurer via samba
wrote:
> Hi Roland
>
>
>
> Am 17.02.21 um 16:45 schrieb Rowland penny via samba:
>>
>> Are you sure your domain didn't start off with an earlier Windows 
>> version, such as 2K or 2003K ?
>
> I am not sure, long time ago, but the domain surely has a 2003 history
>
> I found,
>
>
https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting#Issues_with_DNS_during_DC_join
>
>
> which seems tp point to the same direction you think, but there is no 
> solution there for the migration issue .
>
> I tried
> dnscmd \CreateBuiltinDirectoryPartitions (from a Windows host) but it 
> does not suceed
>
> I have cloned the dc VM in order to test it in a test seperate 
> environment.
>
> Do you see a chance be creating the partions?, e.g.
>
> Joining a second dc -> no dns partiotions
> creating them manually by providing proper values for
> -rw-r--r--? 1 root root 1572 17. Feb 15:37 
> provision_dnszones_add.ldif_work
> -rw-r--r--? 1 root root 2111 17. Feb 15:25 provision_dnszones_add.ldif
> -rw-r--r--? 1 root root? 403 17. Feb 15:09 
> provision_dnszones_partitions.ldif
> -rw-r--r--? 1 root root? 696 17. Feb 15:05 provision_dnszones_modify.ldif
> ?and add them

OK, sorry to be so long in getting back to you, been to get my first 
covid vaccination ?

Do you have this dn in AD:

DC=_kerberos._tcp.dc,DC=_msdcs.XXX.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=XXX,DC=lan

Or this one:

DC=_kerberos._tcp.dc,DC=_msdcs.XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan

Rowland

Hi Rowland and Hansj?rg,

Le 18/02/2021 ? 15:09, Rowland penny via samba a ?crit?:
> On 18/02/2021 06:54, Dr. Hansj?rg Maurer via samba wrote:
>> Hi Roland
>>
>>
>>
>> Am 17.02.21 um 16:45 schrieb Rowland penny via samba:
>>>
>>> Are you sure your domain didn't start off with an earlier
Windows
>>> version, such as 2K or 2003K ?
>>
>> I am not sure, long time ago, but the domain surely has a 2003 history
>>
>> I found,
>>
>>
https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting#Issues_with_DNS_during_DC_join
>>
>>
>> which seems tp point to the same direction you think, but there is no 
>> solution there for the migration issue .
>>
>> I tried
>> dnscmd \CreateBuiltinDirectoryPartitions (from a Windows host) but it 
>> does not suceed
>>
>> I have cloned the dc VM in order to test it in a test seperate 
>> environment.
>>
>> Do you see a chance be creating the partions?, e.g.
>>
>> Joining a second dc -> no dns partiotions
>> creating them manually by providing proper values for
>> -rw-r--r--? 1 root root 1572 17. Feb 15:37 
>> provision_dnszones_add.ldif_work
>> -rw-r--r--? 1 root root 2111 17. Feb 15:25 provision_dnszones_add.ldif
>> -rw-r--r--? 1 root root? 403 17. Feb 15:09 
>> provision_dnszones_partitions.ldif
>> -rw-r--r--? 1 root root? 696 17. Feb 15:05
provision_dnszones_modify.ldif
>> ?and add them
> 
> 
> OK, sorry to be so long in getting back to you, been to get my first 
> covid vaccination ?
> 
> Do you have this dn in AD:
> 
>
DC=_kerberos._tcp.dc,DC=_msdcs.XXX.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=XXX,DC=lan
> 
> 
> Or this one:
> 
>
DC=_kerberos._tcp.dc,DC=_msdcs.XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan
If the domain has old DNS layout (_msdcs in DomainDnsZones), it sure can 
be fixed (even if it is easier to be fixed before migration), but then 
there will be issues with schema upgrade anyway: recent Samba version 
cannot upgrade from AD schema level 30/31 anymore...

Cheers,

Denis
> 
> Rowland
> 
> 
> 
>

Hi Rowland (sorry for misspelling your name last time)

Am 18.02.21 um 15:09 schrieb Rowland penny via samba:
> On 18/02/2021 06:54, Dr. Hansj?rg Maurer via samba wrote:
>>
>
>
> OK, sorry to be so long in getting back to you, been to get my first 
> covid vaccination ?
>
> Do you have this dn in AD:
>
>
DC=_kerberos._tcp.dc,DC=_msdcs.XXX.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=XXX,DC=lan
>
>
> Or this one:
>
>
DC=_kerberos._tcp.dc,DC=_msdcs.XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan
>
>
we currently have

dn: 
DC=_kerberos._tcp.Default-First-Site-Name._sites,DC=XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan
dn: 
DC=_kerberos._tcp,DC=XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan

dn: 
DC=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs,DC=XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan
dn: 
DC=_kerberos._tcp.dc._msdcs,DC=XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan

and to my understanding this should be

dn: 
DC=_kerberos._tcp.Default-First-Site-Name._sites,DC=XXX.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=XXX,DC=lan
dn: 
DC=_kerberos._tcp,DC=XXX.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=XXX,DC=lan

dn: 
DC=_kerberos._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan
dn: 
DC=_kerberos._tcp.dc,DC=_msdcs.XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan

Therefore
- we only habe one ForestDnsZones and no DomainDnsZones
- _msdcs is a subzone of 
DC=XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan instead 
DC=_msdcs.XXX.lan under CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan

Regards Hansj?rg

>
>
>
>
>

-- 
Dr. Hansj?rg Maurer
itsystems Deutschland AG
Erzgie?ereistr. 22
80335 M?nchen
Tel:   +49-89-52 04 68-41
Fax:   +49-89-52 04 68-59
E-Mail: hansjoerg.maurer at itsd.de
Web:    http://www.itsd.de


Amtsgericht M?nchen HRB 132146
USt-IdNr. DE 812991301
Steuer-Nr. 143/100/81575

Aufsichtsratsvorsitzender:
Stefan Adam
Vorstand:
Dr. Michael Krocka
Dr. Hansj?rg Maurer



----------------------------
Unser System ist mit einem Mailverschluesselungs-Gateway ausgestattet. Wenn Sie
moechten, dass an Sie gerichtete E-Mails verschluesselt werden, senden Sie
einfach eine S/MIME-signierte E-Mail oder Ihren PGP Public Key an
hansjoerg.maurer at itsd.de.

Our system is equipped with an email encryption gateway. If you want email sent
to you to be encrypted please send a S/MIME signed email or your PGP public key
to hansjoerg.maurer at itsd.de.