Hi Team

I am transferring to a new AD DC

So I started transferring the fsmo roles. The first five transferred fine; the domaindns and forestdns had the following error!

root@DC2:/etc/sudoers.d# samba-tool fsmo transfer --role=forestdns -UAdministrator
Password for [BALEWAN\Administrator]:
ERROR: Failed to add role 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <attribute 'fSMORoleOwner': no matching attribute value while deleting attribute on 'CN=Infrastructure,DC=ForestDnsZones,DC=balewan,DC=pegasusnz,DC=com'> <>

What's the best thing to resolve this? Seize the roles perhaps?

Thanks

Callum

16.01.2023 13:16, Callum G. MacEwan via samba wrote:
> Hi Team
>
> I am transferring to a new AD DC
>
> So I started transferring the fsmo roles. The first five transferred fine; the domaindns and forestdns had the following error!
>
> root@DC2:/etc/sudoers.d# samba-tool fsmo transfer --role=forestdns -UAdministrator
> Password for [BALEWAN\Administrator]:
> ERROR: Failed to add role 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <attribute 'fSMORoleOwner': no matching attribute value while deleting
> attribute on 'CN=Infrastructure,DC=ForestDnsZones,DC=balewan,DC=pegasusnz,DC=com'> <>

This is exactly the message I was seeing when trying to transfer FSMO roles. Rowland said it is due to me using an unsupported configuration. Probably you too are using something unsupported ;))

> What's the best thing to resolve this? Seize the roles perhaps?

I ended up stealing FSMO roles from another DC, with removing this one. It brought some other issues (not removing the stale DNS record for the old DC, and non-working inter-DC replication; both can be fixed by manually doing things).

I'd not say this is the best way though. The best way is to find the bug in samba and fix it.

Thanks,

/mjt

On 16/01/2023 10:16, Callum G. MacEwan via samba wrote:
> Hi Team
>
> I am transferring to a new AD DC
>
> So I started transferring the fsmo roles. The first five transferred fine;
> the domaindns and forestdns had the following error!
>
> root@DC2:/etc/sudoers.d# samba-tool fsmo transfer --role=forestdns
> -UAdministrator
> Password for [BALEWAN\Administrator]:
> ERROR: Failed to add role 'forestdns': LDAP error 16
> LDAP_NO_SUCH_ATTRIBUTE - <attribute 'fSMORoleOwner': no matching
> attribute value while deleting attribute on
> 'CN=Infrastructure,DC=ForestDnsZones,DC=balewan,DC=pegasusnz,DC=com'> <>
>
> What's the best thing to resolve this? Seize the roles perhaps?
>
> Thanks
>
> Callum
>

Yes, probably, but why are they not there?

I think you need to give us a bit more info:

What OS
What version of Samba
Are you using Bind9
How was the domain provisioned

If you run this on the DC:

ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b DC=DomainDnsZones,DC=balewan,DC=pegasusnz,DC=com '(cn=Infrastructure)'

Does it show the 'fSMORoleOwner' attribute?

Rowland
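
The ldbsearch check asked for above, run against both DNS partitions, as an added example that is not part of the thread and not Samba project code: it unfolds ldbsearch's wrapped LDIF lines before looking for fSMORoleOwner. The function names and the sample LDIF (DC name DC1, site name) are constructed; the sam.ldb path and domain DN are the ones in the thread.

```shell
#!/bin/sh
# Added example: show fSMORoleOwner on the Infrastructure object of both DNS partitions.
# sam.ldb path and domain DN are from the thread; function names are hypothetical.
SAM_LDB=/var/lib/samba/private/sam.ldb
DOMAIN_DN='DC=balewan,DC=pegasusnz,DC=com'

# Constructed sample of ldbsearch output (DC1 and the site name are made up).
# Long values are folded: a line starting with one space continues the previous one.
SAMPLE_LDIF='# record 1
dn: CN=Infrastructure,DC=ForestDnsZones,DC=balewan,DC=pegasusnz,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,C
 N=Sites,CN=Configuration,DC=balewan,DC=pegasusnz,DC=com

# returned 1 records'

# Read LDIF on stdin, unfold it, print the fSMORoleOwner value.
# Exit status 1 when the attribute is absent.
fsmo_owner_from_ldif() {
    awk '
        function emit(line) {
            if (tolower(line) ~ /^fsmoroleowner: /) {
                sub(/^[^:]*: /, "", line); print line; found = 1
            }
        }
        /^ / { buf = buf substr($0, 2); next }
             { if (buf != "") emit(buf); buf = $0 }
        END  { if (buf != "") emit(buf); exit(found ? 0 : 1) }
    '
}

# Query one partition (DomainDnsZones or ForestDnsZones) on the local DC.
check_partition() {
    base="DC=$1,$DOMAIN_DN"
    if owner=$(ldbsearch --cross-ncs -H "$SAM_LDB" -b "$base" \
                 '(cn=Infrastructure)' fSMORoleOwner 2>/dev/null | fsmo_owner_from_ldif); then
        echo "$base: fSMORoleOwner = $owner"
    else
        echo "$base: fSMORoleOwner missing (or object not found)"
        return 1
    fi
}

if command -v ldbsearch >/dev/null 2>&1 && [ -r "$SAM_LDB" ]; then
    for part in DomainDnsZones ForestDnsZones; do check_partition "$part" || true; done
else
    # No DC at hand: run the parser on the constructed sample instead.
    printf '%s\n' "$SAMPLE_LDIF" | fsmo_owner_from_ldif
fi
```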