Removing a domain controller help needed

Andrew Bartlett abartlet at samba.org
Thu Oct 10 21:00:52 MDT 2013


On Fri, 2013-09-13 at 09:10 +0200, christophe wrote:
> Hi, 
> 
> First guys, I'd like to congratulate you. Samba 4 is really a cool product.
> 
> I have a little problem though.
> 
> The context:
> 
> I have Samba4 AD DC working perfectly on a virtual machine.
> For testing purposes I joined another Samba4 AD DC to the domain I had
> provisioned and it worked perfectly, but my second DC VM was deleted with no
> means to get it back.
> 
> I now have a problem on my first DC as the second DC still shows up in the
> RSAT console, NTDSUTIL, DNS and also samba-tool drs showrepl.
> It seems to be impossible to delete it completely.
> 
> 
> I know if I were on a Windows DC I'd simply have gone for forced deletion
> then metadata cleanup,
> but I don't have a Windows DC.
> 
> Is there a way I can permanently remove all connections to my disappeared
> second DC from the AD just using the tools provided with Samba 4?

Can you use the ADUC tools to do it? 

Yes, we are aware this isn't ideal, and patches to samba-tool are
welcome. 

> Other question:
> 
> I use ISC-DHCP-SERVER with SAMBA_Internal DNS.
> 
> Is there a way to have it update records?
> From the DNS console, it seems I can't allow for unsecure updates.

Currently this is controlled from the smb.conf, not DNS console. 

But unsecure updates are a really bad idea.  Other folks have done this
with GSS-TSIG and an external script, and it would be really neat to
also support shared-key TSIG, but that requires work.  Patches are very
welcome (the shared 128 bit key can be stored in or generated from the
unicodePwd). 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz
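
The GSS-TSIG route mentioned in the reply above, as an added example that is not part of the original message or of Samba's own code: a helper that a DHCP server could call for each lease, validating the client-supplied name before sending a signed update. The keytab path, the `dhcpduser` principal, the `example.lan` zone and all function names are assumptions, and the account is assumed to have rights to update the zone.

```shell
#!/bin/sh
# Added example: build the nsupdate batch for one DHCP lease and send it
# with GSS-TSIG (nsupdate -g). All names below are assumptions.
KEYTAB="${KEYTAB:-/etc/dhcpduser.keytab}"        # assumed keytab path
PRINCIPAL="${PRINCIPAL:-dhcpduser@EXAMPLE.LAN}"  # assumed service account
ZONE="${ZONE:-example.lan}"                      # assumed forward zone
TTL=3600

# Client-supplied hostnames are untrusted: accept a single DNS label only
# (letters, digits, inner hyphens, at most 63 characters, no dots).
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Accept dotted-quad IPv4 with exactly four octets, each in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the nsupdate commands that replace the A record for host -> ip.
build_update() {
    valid_label "$1" && valid_ipv4 "$2" || return 1
    printf 'zone %s\n' "$ZONE"
    printf 'update delete %s.%s. A\n' "$1" "$ZONE"
    printf 'update add %s.%s. %s A %s\n' "$1" "$ZONE" "$TTL" "$2"
    printf 'send\n'
}

# Get a Kerberos ticket from the keytab, then send the signed update.
send_update() {
    batch=$(build_update "$1" "$2") || { echo "rejected: $1 $2" >&2; return 1; }
    kinit -k -t "$KEYTAB" "$PRINCIPAL" || return 1
    printf '%s\n' "$batch" | nsupdate -g
}
```

Rejecting anything but a single label keeps a DHCP client from injecting extra nsupdate commands or writing records outside its own name in the zone.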




More information about the samba-technical mailing list