similar to: Unable to transfer ForestDns/DomainDNS

This is what it returned. root at DC01:/mnt# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b "CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local" -s base fsmoroleowner # record 1 dn: CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local fSMORoleOwner: CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,C

I have the Active Directory domain with Windows 2008 R2 domain controller and Samba domain controller on CentOS 7. Samba is 4.3.5 (self-compiled). Forest and domain levels are Windows 2008 R2. After joining Samba to the domain as the domain controller there were no DC=ForestDnsZones and DC=DomainDnsZones records on "OUTBOUND NEIGHBORS". I fixed it with ntdsutil, as it's written here

On 23/06/16 13:37, Jason Waters wrote: > I'm working my way off of our Windows 2003 R2 Domain Server. That machine > is called PDC, sorry really bad planning so many years ago! So my end goal > is to have two samba4 domain controllers. They are setup and joined as > DC's, dc01 and dc02. I have most of my files off of PDC but would like to > keep it up for a little longer

On 21/03/16 15:44, Landau Daniil wrote: > I have the Active Directory domain with Windows 2008 R2 domain controller and Samba domain controller on CentOS 7. Samba is 4.3.5 (self-compiled). Forest and domain levels are Windows 2008 R2. > After joining Samba to the domain as the domain controller there were no DC=ForestDnsZones and DC=DomainDnsZones records on "OUTBOUND NEIGHBORS". I

On 07/07/16 17:14, Jason Waters wrote: > I'm going to keep going and see if I can get samba joined and then > migrated over. Maybe I'm still focusing on the wrong thing! Ugh.... > > On Thu, Jul 7, 2016 at 12:12 PM, Jason Waters <jason at geeknocity.com > <mailto:jason at geeknocity.com>> wrote: > > So I wanted to test if something was broke in my DC

I did not get SUCCESS! root at DC01:/mnt# samba-tool ldapcmp ldap://dc01 ldap://pdc dnsdomain * Comparing [DNSDOMAIN] context... * Objects to be compared: 188 Comparing: 'CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local' [ldap://dc01] 'CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local' [ldap://pdc] Attributes found only in ldap://dc01:

This is the output of that command. root at DC01:~# ldbsearch --cross-ncs -H ldap://pdc -b "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator Password for [FISHERTHOMPSON\administrator]: search error - LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr: DSID-0310063C, data 0, 1 access points ref 1: 'DomainDnsZones.fisherthompson.local' >

The built in DNS, sorry if that sounded like it was special! So do I just seize it then? And do I do that before or after dcpromo? Thanks for the help. Jason On Thu, Jun 23, 2016 at 2:19 PM, Rowland penny <rpenny at samba.org> wrote: > On 23/06/16 18:52, Jason Waters wrote: > >> lol...sorry! >> >> - The windows domain controller does run a DNS server >>

lol...sorry! - The windows domain controller does run a DNS server - I joined the samba DC's to the windows DC. I used the normal command, but did get an error about the forest and domain dns. The error is: descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=fisherthompson,DC=local not found under DC=fisherthompson,DC=local descriptor_sd_propagation_recursive:

search error - LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr: DSID-0310063C, data 0, 1 access points ref 1: 'DomainDnsZones.fisherthompson.local' > <ldap://DomainDnsZones.fisherthompson.local/DC=DomainDnsZones,DC=fisherthompson,DC=local> On Thu, Jul 7, 2016 at 11:04 AM, Rowland penny <rpenny at samba.org> wrote: > On 07/07/16 13:56, Jason Waters wrote:

Hi! I have two Dcs, with Samba 4.7.7, i need tranfer(dont seize) fsmo between dcs, but dont work samba-tool fsmo transfer --role=domaindns -Uadmin Password for [XXXX\admin]: ERROR: Failed to delete role 'domaindns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute 'fSMORoleOwner': no matching attribute value while deleting attribute on

So I wanted to test if something was broke in my DC so I setup a "new" 2003 DC with a different domain, example.com. I do the ldbsearch against that and I get the same error instead of it listing the dns entries....So maybe it is a 2003 thing? On Thu, Jul 7, 2016 at 11:55 AM, Rowland penny <rpenny at samba.org> wrote: > On 07/07/16 16:19, Jason Waters wrote: > > search

So I continue to struggle getting this moved away from windows 2003 to samba. I've been working in VM's to test before doing it on production. I think something is just wrong/broken with my windows 2003 AD. These are a couple of the things I have tried. - Going from Windows 2003 to Windows 2008 to Samba - Seizing the roles and then joining another samba domain controller. But I'm

Hi Team I am transferring to a new AD DC So I started transferring the fsmo roles the first five transferred fine the domaindns and forestdns had the following error! root at DC2:/etc/sudoers.d# samba-tool fsmo transfer --role=forestdns -UAdministrator Password for [BALEWAN\Administrator]: ERROR: Failed to add role 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -? <attribute

So I joined with samba's internal DNS, then converted to BIND, then tested. Seems like it was working. I forced the 2003 machine out, cleaned up the meta data and everything seemed to be working ok. So I raised the domain level like this samba-tool domain level raise samba-tool domain level raise --domain-level=2008_R2 samba-tool domain level raise --forest-level=2008_R2 everything shows

So I setup a testing environment so I can test/break things. I think my issue is that something is screwed up with the Partitions on the windows 2003 server. The forest and domain partitions look odd, are they? Mine looks kind of like this... http://1ask2.com/Wndows2012/Upgrade/migration09.jpg On Tue, Jun 28, 2016 at 8:21 AM, Jason Waters <jason at geeknocity.com> wrote: > I still

Recently tried transferring roles from Samba 4.3.11 to Samba 4.7.0. Ultimately, both dcs agreed that the 4.7.0 dc (dc3) had all the roles and replication and the databases were in good shape. However, during the process, I got a lot of errors that seemed to magically disappear. Should I be worried? root at dc3:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS

On 23/06/16 17:49, Jason Waters wrote: > I did not get SUCCESS! > > root at DC01:/mnt# samba-tool ldapcmp ldap://dc01 ldap://pdc dnsdomain > > * Comparing [DNSDOMAIN] context... > > * Objects to be compared: 188 > > Comparing: > 'CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local' > [ldap://dc01] >

I bumped the logging up. samba-tool domain level raise --domain-level=2008_R2 schema_fsmo_init: we are master[yes] updates allowed[no] schema_fsmo_init: we are master[yes] updates allowed[no] The updates_allowed[no] concerns me? On Fri, Jul 8, 2016 at 9:45 AM, Jason Waters <jason at geeknocity.com> wrote: > I'm pretty sure the domain level raise is failing on this system.

On 23/06/16 19:53, Jason Waters wrote: > This is the output of that command. > > root at DC01:~# ldbsearch --cross-ncs -H ldap://pdc -b > "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator > Password for [FISHERTHOMPSON\administrator]: > search error - LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr: > DSID-0310063C, data 0, 1 access points