Removing a domain controller help needed

Andrew Bartlett abartlet at
Thu Oct 10 21:00:52 MDT 2013

On Fri, 2013-09-13 at 09:10 +0200, christophe wrote:
> Hi, 
> First guys, I'd like congratulate you. Samba 4 is really a cool product.
> I have a little problem though.
> The context:
> I have Samba4 AD DC working perfectly on a virtual machine
> for testing purpose I joined another Samba4 AD DC to the domain I had
> provisioned and it worked perfectly but my second DC VM was deleted with no
> mean to get it back.
> I have now a problem on my first DC as the second DC still shows up in the
> RSAT console,  NTDSUTIL, DNS and also samba-tool drs showrepl.
> it seems to be impossible to delete it completely.
> I know if I were on a windows DC I'd simply have gone for forced deletion
> then metadata cleanup.
> but I don't have a windows DC.
> Is there a way I can permanently remove all connection to my disappeared
> second DC form the AD just using  the tools provides with samba 4?

Can you use the ADUC tools to do it? 

Yes, we are aware this isn't ideal, and patches to samba-tool are

> Other question:
> I use ISC-DHCP-SERVER with SAMBA_Internal DNS.
> Is there a way to have it updating records?
> >From the DNS console, it seems I can't allow for unsecure updates

Currently this is controlled from the smb.conf, not DNS console. 

But unsecure updates are a really bad idea.  Other folks have done this
with GSS-TSIG and an external script, and it would be really neat to
also support shared-key TSIG, but that requires work.  Patches are very
welcome (the shared 128 bit key can be stored in or generated from the

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Catalyst IT         

More information about the samba-technical mailing list