contactdarin at posteo.net
2024-Oct-19 00:46 UTC
[Samba] Best way to get the current PDC emulator master via DNS (Possible bug?)
Hello all,

I am working on a new sysvol replication workaround that uses SSH and rsync inside of a bubblewrap container to securely replicate the sysvol across domain controllers. As part of this system I need a way to get the PDC emulator without breaking the additional security provided by the sandbox.

I am using the address _ldap._tcp.pdc._msdcs.example.com to get the current PDC emulator. The SRV record should point to the current master if I am understanding correctly. However, for whatever reason this record has multiple listings corresponding to the history of the domain. It seems that when the role is transferred the old record is never cleaned up. I am not sure why this is the case or even if it is intended behavior. (See attached screenshot)

Am I correct to use the _ldap._tcp.pdc._msdcs.example.com address? If not, is there a way to get the PDC emulator via DNS?

For those interested, here is the repo for my project: https://codeberg.org/darin755/samba_sysvol_repl/

Thanks for your time,
Darin
Luis Peromarta
2024-Oct-19 06:31 UTC
[Samba] Best way to get the current PDC emulator master via DNS (Possible bug?)
You're correct. That's the record. However, when the PDC emulator role is transferred to another domain controller, a new DNS record is generated. Samba does not remove the previous PDC emulator entry from DNS. If DC1 held the PDC emulator role and it has been transferred to DC2, two records will exist. You need to manually remove the old one.

This will tell you which DC holds the role:

samba-tool fsmo show

On 19 Oct 2024 at 02:46 +0200, contactdarin at posteo.net, wrote:
> Am I correct to use the _ldap._tcp.pdc._msdcs.example.com address? If
> not, is there a way to get the PDC emulator via DNS?
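The check the reply above implies, as an added example that is not part of this thread and not code from the samba_sysvol_repl project: parse the answer for _ldap._tcp.pdc._msdcs.example.com, parse `samba-tool fsmo show`, treat the FSMO output as authoritative, and flag every SRV target that is not the current PdcEmulationMasterRole holder. Only flagged records are ever deleted, and the deletion commands are returned as strings rather than executed. Assumptions: the SRV text is in the `dig +short SRV` column order (priority weight port target); `samba-tool fsmo show` prints one `<Role> owner: <DN>` line per role with the DC name in the second RDN; the record lives in the separate `_msdcs.example.com` zone that Samba provisions (confirm with `samba-tool dns zonelist`); and `samba-tool dns delete` takes SRV data as "target port priority weight". Both sample outputs below are constructed, not captured from a real domain.

```python
"""Cross-check the PDC emulator SRV record against the FSMO role holder.

A stale _ldap._tcp.pdc._msdcs SRV entry can point a client (here, a sysvol
replicator running in a sandbox) at a DC that no longer holds the role, so
the SRV answer alone is not a trustworthy source of truth.
"""
import re

# Constructed sample of: dig +short SRV _ldap._tcp.pdc._msdcs.example.com
# Columns: priority weight port target   (dc1 is the stale entry)
SAMPLE_SRV = """\
0 100 389 dc1.example.com.
0 100 389 dc2.example.com.
"""

# Constructed sample of: samba-tool fsmo show  (role now held by DC2)
SAMPLE_FSMO = """\
SchemaMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
"""


def parse_srv(text):
    """Parse `dig +short SRV` lines into (priority, weight, port, target) tuples.

    Targets are lower-cased with the trailing dot stripped so they compare
    cleanly against a host name built from the FSMO output.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore blank or unexpected lines
        prio, weight, port, target = parts
        records.append((int(prio), int(weight), int(port), target.rstrip(".").lower()))
    return records


def pdc_from_fsmo(text):
    """Return the short host name of the PdcEmulationMasterRole owner.

    The owner DN has the form CN=NTDS Settings,CN=<DC>,CN=Servers,...; the
    second RDN is the DC's name.  Raises ValueError if the line is absent.
    """
    match = re.search(r"^PdcEmulationMasterRole owner:\s*(.+)$", text, re.M)
    if not match:
        raise ValueError("no PdcEmulationMasterRole line in fsmo output")
    rdns = [rdn.strip() for rdn in match.group(1).split(",")]
    if len(rdns) < 2 or not rdns[1].upper().startswith("CN="):
        raise ValueError("unexpected owner DN: %s" % match.group(1))
    return rdns[1].split("=", 1)[1].lower()


def stale_srv_records(srv_text, fsmo_text, domain):
    """Return SRV entries whose target is not the current PDC emulator."""
    expected = "%s.%s" % (pdc_from_fsmo(fsmo_text), domain.lower())
    return [rec for rec in parse_srv(srv_text) if rec[3] != expected]


def delete_commands(stale, dns_server, zone, name="_ldap._tcp.pdc"):
    """Build (but do not run) samba-tool commands to remove stale records.

    Assumed argument order for SRV data: "target port priority weight".
    """
    cmds = []
    for prio, weight, port, target in stale:
        data = "%s %d %d %d" % (target, port, prio, weight)
        cmds.append('samba-tool dns delete %s %s %s SRV "%s"' % (dns_server, zone, name, data))
    return cmds


if __name__ == "__main__":
    stale = stale_srv_records(SAMPLE_SRV, SAMPLE_FSMO, "example.com")
    print("current PDC emulator:", pdc_from_fsmo(SAMPLE_FSMO))
    for cmd in delete_commands(stale, "dc2.example.com", "_msdcs.example.com"):
        print("stale record, review then run:", cmd)
```

In practice the two sample strings are replaced with the real output of `dig +short SRV _ldap._tcp.pdc._msdcs.<domain>` and `samba-tool fsmo show` (the latter reads the local sam.ldb, so it has to run on a DC or be pointed at one with -H). Keeping the FSMO output as the source of truth and the SRV answer as the thing being audited is the point: the replicator should only ever push to the host the directory says holds the role, never to whatever an old SRV entry still names.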