Jean-Louis Biasini
2022-Jul-14 16:34 UTC
[Samba] questions regarding the Demoting an Offline Domain Controller procedure
hello again,

Can anyone here point me in the right direction?

On 08/07/2022 at 14:25, Jean-Louis Biasini via samba wrote:
> hello list,
>
> sorry for the bump, does anybody have any information on this one?
>
> thanks
>
> jl
>
> On 06/07/2022 at 14:15, Jean-Louis Biasini via samba wrote:
>> hi all,
>>
>> I have questions regarding a DC that I had to demote following the
>> Demoting an Offline Domain Controller procedure from here
>> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC.
>>
>> 1. The procedure went well and no other problems occurred, but since
>> then I have the following popping up in the log of all the remaining
>> DCs at restart:
>>
>> ../../source4/dsdb/kcc/scavenge_dns_records.c:491(dns_delete_tombstones)
>> dns_delete_tombstones: A tombstoned dnsNode has non-tombstoned
>> records, which should not happen.
>>
>> How can I find and delete those remaining records? I don't see
>> anything related to the demoted DC with rsat DNS tool nor with:
>>
>> ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)'
>> --cross-ncs objectguid
>>
>> 2. the procedure states that I shouldn't reconnect the demoted offline
>> dc, does this apply only to that specific machine? Can I declare a
>> new dc with the same name and/or ip and/or mac address (VM) or should
>> this also be avoided?
>>
>> samba is Version 4.15.8 on Centos7 with bind dlz as dns backend
>>
>>
>> many thanks
>>
>> Jean-Louis
>
Jean-Louis Biasini
2023-Aug-28 10:00 UTC
[Samba] questions regarding the Demoting an Offline Domain Controller procedure
hello all,

To give some follow up info if anyone is affected by 1. too:

On 14/07/2022 at 19:34, Jean-Louis Biasini wrote:
>>> 1. The procedure went well and no other problems occurred, but since
>>> then, I have the following popping up in the log of all the
>>> remaining DCs at restart:
>>>
>>> ../../source4/dsdb/kcc/scavenge_dns_records.c:491(dns_delete_tombstones)
>>>
>>> dns_delete_tombstones: A tombstoned dnsNode has non-tombstoned
>>> records, which should not happen.
>>>
>>> How can I find and delete those remaining records? I don't see
>>> anything related to the demoted DC with rsat DNS tool nor with:
>>>
>>> ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)'
>>> --cross-ncs objectguid

the proper ldap request to perform is:

ldapsearch -H ldaps://ADSERVER_FQDN_DNSNAME:636 -x -W -D "administrator@example.domain.tld" \
    -b 'DC=DomainDnsZones,DC=example,DC=domain,DC=tld' "(dNSTombstoned=TRUE)"

Make sure whatever DC that comes up is not in use anymore and that all related DNS records have been deleted.

Then you can delete that record with ldapdelete.

>>> 2. the procedure states that I shouldn't reconnect the demoted
>>> offline dc, does this apply only to that specific machine? Can I
>>> declare a new dc with the same name and/or ip and/or mac address
>>> (VM) or should this also be avoided?

I'm still looking for answers as to this question 2.

have a nice day

jean-louis
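
An added example, not part of the original posts: a Python helper that reads the LDIF printed by the ldapsearch above (with the dnsRecord attribute returned) and lists the tombstoned dnsNode entries that still hold non-tombstone records, which is the condition the log message reports. It assumes the MS-DNSP dnsRecord header layout (little-endian 16-bit data length, then 16-bit type) with type 0 as the tombstone record; the function names and the sample entries are constructed for illustration.

```python
import base64
import struct

TOMBSTONE_TYPE = 0  # assumption from MS-DNSP: record type 0 is the tombstone

def parse_ldif(text):
    """Yield (dn, attrs) per entry; attrs maps lowercased name -> [bytes]."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # unfold LDIF continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:
        if not line.strip():              # blank line ends an entry
            if "dn" in entry:
                yield entry["dn"][0].decode(), entry
            entry = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            b64 = value.startswith(":")   # "attr:: <base64>"
            data = base64.b64decode(value[1:]) if b64 else value.strip().encode()
            entry.setdefault(name.lower(), []).append(data)

def record_type(blob):
    """Type field of a dnsRecord header (u16 length, then u16 type), or None."""
    return struct.unpack_from("<HH", blob)[1] if len(blob) >= 4 else None

def inconsistent_tombstones(ldif_text):
    """Return (dn, [live types]) for tombstoned nodes that keep live records."""
    hits = []
    for dn, attrs in parse_ldif(ldif_text):
        if attrs.get("dnstombstoned", [b""])[0].upper() != b"TRUE":
            continue
        types = {record_type(r) for r in attrs.get("dnsrecord", [])}
        live = sorted(t for t in types if t not in (None, TOMBSTONE_TYPE))
        if live:
            hits.append((dn, live))
    return hits

def make_record(rtype, data):  # constructed record: 24-byte header, then data
    head = struct.pack("<HHBBHIIII", len(data), rtype, 5, 0xF0, 0, 1, 900, 0, 0)
    return base64.b64encode(head + data).decode()

ZONE = "DC=example.domain.tld,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=domain,DC=tld"
SAMPLE = "\n".join([  # constructed, shaped like ldapsearch LDIF output
    f"dn: DC=olddc,{ZONE}", "dNSTombstoned: TRUE",
    f"dnsRecord:: {make_record(0, bytes(8))}", f"dnsRecord:: {make_record(1, bytes([192, 0, 2, 10]))}", "",
    f"dn: DC=gone,{ZONE}", "dNSTombstoned: TRUE", f"dnsRecord:: {make_record(0, bytes(8))}", ""])
```

Calling `inconsistent_tombstones(SAMPLE)` reports only the `olddc` node, which is flagged as tombstoned but still has a type 1 (A) record; the `gone` node holds only its tombstone record and is not listed.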