Mitja Tavčar
2024-Aug-10 07:34 UTC
[Samba] Problems on joining samba DC to a Windows Domain while adding DNS record for new DC
On Fri, 09/08/2024 at 17.32 +0100, Rowland Penny via samba wrote:
> On Fri, 09 Aug 2024 17:51:22 +0200
> Mitja Tavčar via samba <samba at lists.samba.org> wrote:
>
> > The original domain was not deployed as 2008R2 but as Windows2000 and
> > then upgraded to 2003 and subsequently to 2008R2 level. But we have
> > not encountered any problems so far.
>
> The DNS on a W2k is very different from what is used now, so when it
> was updated was the DNS updated as well ?

Ok, according to the error that popped out also of Douglas' patch it should be a missing DNS zone in my DNS.

(9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')

> If it wasn't, then the base NC will not be there to put the dns record
> into.

Maybe you know how can I check if the correct NC exists? With ADSI Edit or some other tool?

Should this be relevant to my?
https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting#DNS_zone_does_not_exist

Thank You

Mitja Tavčar
Rowland Penny
2024-Aug-10 08:29 UTC
[Samba] Problems on joining samba DC to a Windows Domain while adding DNS record for new DC
On Sat, 10 Aug 2024 09:34:32 +0200 Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> On Fri, 09/08/2024 at 17.32 +0100, Rowland Penny via samba wrote:
> > On Fri, 09 Aug 2024 17:51:22 +0200
> > Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> >
> > > The original domain was not deployed as 2008R2 but as Windows2000
> > > and then upgraded to 2003 and subsequently to 2008R2 level. But
> > > we have not encountered any problems so far.
> >
> > The DNS on a W2k is very different from what is used now, so when it
> > was updated was the DNS updated as well ?
>
> Ok, according to the error that popped out also of Douglas' patch it
> should be a missing DNS zone in my DNS.
>
> (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
>
> > If it wasn't, then the base NC will not be there to put the dns
> > record into.
>
> Maybe you know how can I check if the correct NC exists? With ADSI
> Edit or some other tool?
>
> Should this be relevant to my?
> https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting#DNS_zone_does_not_exist
>
> Thank You
>
> Mitja Tavčar
>

Do you have any Linux domain clients ? If so try this command:

    sudo ldbsearch --cross-ncs --show-binary -H ldap://vmw2srvdc1.intra.comune.trento.it -P -b 'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)' -d0 | grep 'dn:'

(that should be all on one line).

If you haven't got any Linux domain clients, then, on the computer you are trying to join as a DC, check if you have a valid ticket in /tmp for Administrator (usually /tmp/krb5cc_0). If not, run 'kinit Administrator' as root and enter the Administrator password when prompted; you should now have /tmp/krb5cc_0.

Once you have the ticket, run the ldbsearch command again, but replace '-P' with '--use-krb5-ccache=/tmp/krb5cc_0'

When I run the command, I get this:

    dn: DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
    dn: DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
    dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
    dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
    dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com

Yours will not be in the same order, I have re-ordered them to explain them better.

The first is the forward domain dns zone. The second is the forward forest dns zone. The third is the reverse zone and in this case isn't important, you may not have one, or you could have multiple, but can be created/deleted at will. The final two are 'root' dns servers and are not used by Samba.

Rowland
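
One way to automate reading that output, as an added example that is not part of the original message or of Samba: the shell functions below (hypothetical names) take the 'dn:' lines from the ldbsearch command and report which partition holds the forward domain zone and the _msdcs zone. It assumes a single-domain forest, so both DNS partitions share the same base DN; the sample input is the samdom.example.com output quoted above.

```shell
#!/bin/sh
# Added example: classify where AD-integrated DNS zones are stored.

# samdom.example.com -> DC=samdom,DC=example,DC=com
domain_to_dn() {
    printf '%s\n' "$1" | sed 's/^/DC=/; s/\./,DC=/g'
}

# zone_location ZONE DOMAIN < dn-lines
# Prints DomainDnsZones, ForestDnsZones, System (domain partition) or missing.
zone_location() {
    awk -v zone="$1" -v base="$(domain_to_dn "$2")" '
        BEGIN { prefix = "dc=" tolower(zone) ",cn=microsoftdns,"
                b = tolower(base); loc = "missing" }
        /^dn: / {
            dn = tolower(substr($0, 5)); sub(/[ \t\r]+$/, "", dn)
            if (index(dn, prefix) != 1) next    # a different zone
            rest = substr(dn, length(prefix) + 1)
            if (rest == ("dc=domaindnszones," b)) loc = "DomainDnsZones"
            else if (rest == ("dc=forestdnszones," b)) loc = "ForestDnsZones"
            else if (rest == ("cn=system," b) && loc == "missing") loc = "System"
        }
        END { print loc }'
}

# check_join_zones DOMAIN < dn-lines
# Returns 0 only if both forward zones sit where the sample output has them.
check_join_zones() {
    domain=$1; input=$(cat); rc=0
    for pair in "$domain:DomainDnsZones" "_msdcs.$domain:ForestDnsZones"; do
        zone=${pair%%:*}; want=${pair##*:}
        got=$(printf '%s\n' "$input" | zone_location "$zone" "$domain")
        if [ "$got" = "$want" ]; then
            echo "ok       $zone in $got"
        else
            echo "PROBLEM  $zone expected in $want, found: $got"; rc=1
        fi
    done
    return $rc
}

# Sample input: the output quoted in the message above.
SAMPLE='dn: DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com'

printf '%s\n' "$SAMPLE" | check_join_zones samdom.example.com
```

To use it on real output, pipe the ldbsearch command from the message into check_join_zones with your own DNS domain as the argument.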