[Samba] Transfer of FSMO Roles

Rowland Penny rowlandpenny at googlemail.com
Thu Nov 20 12:17:52 MST 2014


On 20/11/14 18:24, Donaldson Jeff wrote:
> Good Afternoon,
>
>
> I've been working towards decommissioning my current PDC and moving Primary Master to a newly built DC. I was able to successfully transfer each of the five FSMO roles (without seizing) to the new server. I can run samba-tool fsmo show on each of my servers and they all return the new DC with each of the five roles. My question is...shouldn't transferring of the DomainNamingMasterRole affect the (SOA) and (NS) settings in DNS automatically? They are still set to the old server, and if I look in the DomainDnsZones and ForestDnsZones in DNS Manager, they both still show records for the old server. Furthermore, trying to run samba-tool domain demote -Uadministrator on the old server returned that it still owned two roles. It is my understanding that this is a bug and that the old PDC should be pulled out of the domain as if it were an orphan. If that is the case, then how do I go about correcting DNS before I do that? Any help is appreciated. Thanks!
>
>
> Regards,
>
> Jeff
>
> Jeff Donaldson
> Technology Director
> Newark Charter School
> jeff.donaldson at ncs.k12.de.us
> (302) 369-2001 ext: 425
The problem here is that there are 7 FSMO roles on a Samba4 AD DC, but 
samba-tool only seems to know about 5 of them. As you have found out, 
the 2 missing ones are:

CN=Infrastructure,DC=ForestDnsZones,rootdse

CN=Infrastructure,DC=DomainDnsZones,rootdse

If you inspect the 'fSMORoleOwner' attribute on these two objects, I am 
fairly sure that you will find that they are pointing at the old DC. I 
presume if you change this to your new DC, your problem will go away.

Rowland
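
The check described in the reply above, as an added example that is not part of the original message or of Samba's own tooling: it reads the fSMORoleOwner attribute of the two Infrastructure objects and reports whether each still names the old DC. The function names, the sam.ldb path, the base DN (written as "rootdse" in the post) and the NEWDC name are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths and DNs vary per install.

# Run ldbsearch for both objects. $1 = path to sam.ldb, $2 = the base DN
# that the post writes as "rootdse" (e.g. DC=example,DC=com).
query_dns_roles() {
    for zone in DomainDnsZones ForestDnsZones; do
        ldbsearch -H "$1" -b "CN=Infrastructure,DC=$zone,$2" -s base fSMORoleOwner
    done
}

# Read LDIF on stdin, print "<object DN>|<OWNING SERVER>" per entry.
# LDIF folds long lines (continuations start with one space), and
# fSMORoleOwner DNs are long enough to be folded, so unfold first.
fsmo_owners() {
    awk '
    function emit(l,   v, p) {
        if (l ~ /^dn: /) { dn = substr(l, 5); return }
        if (tolower(l) !~ /^fsmoroleowner: /) return
        v = substr(l, 16)               # text after "fSMORoleOwner: "
        split(v, p, ",")                # p[2] is the CN=<server> RDN
        sub(/^[Cc][Nn]=/, "", p[2])
        print dn "|" toupper(p[2])
    }
    /^ / { buf = buf substr($0, 2); next }
         { emit(buf); buf = $0 }
    END  { emit(buf) }'
}

# Compare each owner with the expected DC name ($1, case-insensitive).
# Returns 1 if any role points elsewhere or no owner was found at all.
check_dns_roles() {
    expected=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    rc=0 seen=0
    while IFS='|' read -r dn owner; do
        seen=$((seen + 1))
        if [ "$owner" = "$expected" ]; then
            echo "OK     $dn -> $owner"
        else
            echo "STALE  $dn -> $owner (expected $expected)"
            rc=1
        fi
    done
    [ "$seen" -gt 0 ] || rc=1
    return "$rc"
}

# Usage on a DC (NEWDC is a placeholder for the new server's name):
#   query_dns_roles /path/to/sam.ldb DC=example,DC=com | fsmo_owners | check_dns_roles NEWDC
```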



