similar to: Cleaning up old DC DNS records

On Tue, 2017-09-05 at 18:39 -0400, Patrick Lepore via samba wrote: > Hi, I demoted a running domain controller by running the samba-tool demote > command on the running system to be demoted and there's still some DNS > entries for the old one kicking around. It's still listed under _msdcs and > also _kerberos._udp and _ldap._tcp. > > Should I manually remove them?

On 01/04/16 22:38, spindles7 wrote: > Hi Rowland, > Have tried your patch, and now the Demote succeeds: > > root at dc3:~# samba-tool domain demote -Uadministrator > Using dc1.microlynx.com as partner server for the demotion > Password for [MICROLYNX\administrator]: > Deactivating inbound replication > Asking partner server dc1.microlynx.com to synchronize from us >

> So you never read this: > https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC > Which means that you probably never ran the aptly named > 'samba_upgradedns'Of course I ran this. Many times. I'm not stupid, Rowland. At least I can read:D If I've seen that Bind doesn't work, I had to change backend to internal DNS.I carefully read and made

Hello, I had tried to demote a samba DC and re-join it as a member over the weekend, but something went horribly wrong. Starting point was a samba DC which also acted as a file server. It was the single DC in that domain. I first set up a Windows 2008 R2 machine and promoted it to DC within the same domain. I then changed DNS entries on all machines to point to the new DC, transferred the FSMO

Hi Massimo, >>> >>>> Il 05/02/2018 16:41, Rowland Penny ha scritto: >>>>> On Mon, 5 Feb 2018 16:01:27 +0100 >>>>> "Massimo Donato - Adcom.it via samba" <samba at lists.samba.org> wrote: >>>>> >>>>>> */Hi all, >>>>>> after a couple of year of successfully working samba AD DC

*//* Hi Denis, Il 06/02/2018 20:05, Denis Cardon via samba ha scritto: > Hi Massimo, > >> Il 05/02/2018 16:41, Rowland Penny ha scritto: >>> On Mon, 5 Feb 2018 16:01:27 +0100 >>> "Massimo Donato - Adcom.it via samba" <samba at lists.samba.org> wrote: >>> >>>> */Hi all, >>>>      after a couple of year of successfully

On 10/12/15 14:00, Ole Traupe wrote: > > > Am 10.12.2015 um 14:38 schrieb Rowland penny: >> On 10/12/15 13:25, Ole Traupe wrote: >>> Is it possible that kdc server is always the SOA, at least if >>> derived from DNS and not specified *explicitly* in the krb5.conf? >>> >>> In my DNS-Manager console I find that >>> >>>

On 10/12/15 14:40, Ole Traupe wrote: > >>> However, my 2nd DC is not that new, I restarted it many times, just >>> again (samba service). No DNS records are created anywhere. >>> >>> If I go through the DNS console, in each and every container there >>> is some entry for the 1st DC, but none for the 2nd (except on the >>> top levels: FQDN

On 23/07/15 16:23, mathias dufresne wrote: > Hi all, > > I tried "samba-tool ldapcmp" several times to solve this issue, without > success. > > On DC acting as full FSMO: > dc20:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan > ldap://dc20.ad.dgfip.lan domain > ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3) > File

Following: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC i've demoted and removed a DC. Seems all went as expected: root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion Password for [LNFFVG\gaio]: Deactivating inbound replication Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize

On 10/29/2015 9:56 AM, Ole Traupe wrote: > > > Am 29.10.2015 um 14:37 schrieb James: >> On 10/29/2015 9:15 AM, Ole Traupe wrote: >>> >>> >>> Am 29.10.2015 um 13:54 schrieb mathias dufresne: >>>> Thank you for hint to this VBS script. In fact I alraedy saw it but >>>> I'm not >>>> too confident in my VB knowledge, so

On 10/30/2015 9:19 AM, Ole Traupe wrote: > > > Am 30.10.2015 um 13:33 schrieb James: >> On 10/29/2015 9:56 AM, Ole Traupe wrote: >>> >>> >>> Am 29.10.2015 um 14:37 schrieb James: >>>> On 10/29/2015 9:15 AM, Ole Traupe wrote: >>>>> >>>>> >>>>> Am 29.10.2015 um 13:54 schrieb mathias dufresne:

On 10/29/2015 9:15 AM, Ole Traupe wrote: > > > Am 29.10.2015 um 13:54 schrieb mathias dufresne: >> Thank you for hint to this VBS script. In fact I alraedy saw it but >> I'm not >> too confident in my VB knowledge, so I didn't use that script, prefering >> rely on Samba command and shell scripts to work around issues. >> >> You spoke about SOA

I'm trying to demote dc3 from msad dc service. As the root user, I type this command: samba-tool domain demote -Uadministrator which fails with this error: "Using dc2.infinity.local as partner server for the demotion" The problem is that dc2 was demoted some weeks ago, and is no longer running samba4. Is there a way I can force dc3 to use a different dc as the

Thank you for hint to this VBS script. In fact I alraedy saw it but I'm not too confident in my VB knowledge, so I didn't use that script, prefering rely on Samba command and shell scripts to work around issues. You spoke about SOA record which wasn't changed, same here. There is another DNS record I had to change: _ldap._tcp.pdc._msdcs.samba.domain.tld. I spoke about removing

Hi, I played with demote recently on a test AD domain composed with Samba version 4.3.0 and 4.3.1. I demoted all version 4.3.0. I was facing same issue as you. I written long mails here to explain how I managed that. My DNS looks clear now. Today I played with AD sites and I found in default sites all demoted DC. They weren't removed from DNS DB nor here. For now I have no idea how to get

On 10/30/2015 10:11 AM, Ole Traupe wrote: > > > Am 30.10.2015 um 14:56 schrieb James: >> On 10/30/2015 9:19 AM, Ole Traupe wrote: >>> >>> >>> Am 30.10.2015 um 13:33 schrieb James: >>>> On 10/29/2015 9:56 AM, Ole Traupe wrote: >>>>> >>>>> >>>>> Am 29.10.2015 um 14:37 schrieb James:

Hi Denis & Rowland Thanks for the suggestion to trim the smb.conf after which the DC-1 is connecting to the Windows Server 2008 shared folder smbclient -k //IUMSVRAPP01/Pastel12 -d 9 and DC-2 is also connecting after using the DNS name of the Windows server. *You'd better switch your DNS to Bind-DLZ. Internal DNS is not that good for larger site (looking at your DNS domain name, I guess

On 31/07/2019 12:04, Stefan G. Weichinger via samba wrote: > Am 31.07.19 um 12:50 schrieb Rowland penny via samba: >> On 31/07/2019 11:40, Stefan G. Weichinger via samba wrote: >>> Am 31.07.19 um 12:32 schrieb Rowland penny via samba: >>>> On 31/07/2019 11:22, Stefan G. Weichinger via samba wrote: >>>>> "dc" was the old name a few years ago

"--seize" helped: root at pre01svdeb03:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=PRE01SVDEB03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pilsbacher,DC=at InfrastructureMasterRole owner: CN=NTDS Settings,CN=PRE01SVDEB03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pilsbacher,DC=at RidAllocationMasterRole owner: