On 23/03/2023 11:10, Anantha Raghava via samba wrote:
> Hello Rowland,
>
> find the answers in line.
>
>
> On 23/03/23 4:24 pm, Rowland Penny via samba wrote:
>>
>>
>> On 23/03/2023 10:21, Anantha Raghava via samba wrote:
>>> Hello Rowland,
>>>
>>> Find the answers to your questions & suggestions.
>>
>> Not all, where did the domain come from ?
>> Was it provisioned as a Samba AD domain ?
>> Or
>> Did it start out as an early Windows domain ?
> It was always a Samba domain. I started with Samba 4.7.6 about 5 years
> back. Kept upgrading it over a period.
Well that disposes of one theory, Win 2k domains used a different dns
system, but as yours never started out that way, we can discount it.
>>
>>>
>>> Does 'samba-tool dns zonelist <YOUR_DC>' show anything ?
>>>
>>> No - It results in "rpc server error - WERR_DNS_ERROR_DS_UNAVAILABLE"
>>>
>>> 'samba-tool dns zonecreate' can create a dns zone, though I have never
>>> tried to create a forest zone.
>>>
>>> I tried this. But results in same error - "rpc server error -
>>> WERR_DNS_ERROR_DS_UNAVAILABLE".
>>>
>>> Backup -? After restore, same error is repeating. That means it is
>>> not a viable backup.
>>
>> This is leading me to think that you may have the older style of dns
>> system.
> In the beginning about 5 years back, it was BIND9. Later we migrated to
> samba internal DNS and it was working like a charm all these years. Even
> during this time, DNS did work properly, until my attempt to change the
> SOA record. The attempt to change the SOA record brought it down.
>>
>>>
>>> Can we use ldb add command here to insert the ForestZone into
>>> sam.ldb? It may just be a wild thought.
>>
>> You may be able to create an object in AD, whether AD will recognise
>> it as an AD zone is another question, also you would need to add the
>> SOA and NS records and I wouldn't have a clue what the required ldif
>> would look like.
> I still have those servers on which Samba-AD 4.15.9 was installed. But
> even there, after I removed them by demoting (removing them as dead
> servers), those old servers still have the sam.ldb and, in private, the
> zone-related ldb and metadata files. Will these be of some use?
Possibly, if they were turned off and then demoted on another DC, they
will probably think they are still DCs. You will not be able to start
them in the domain now, but you could try sandboxing one and starting it
up again, remove all the other DCs from this and see if you can then
connect to that DC. If this works, it will give you a good DC to use on
your domain, after you turn off all your existing faulty ones.
Rowland