Removing a domain controller help needed

kris larquey.christophe at
Fri Oct 11 03:15:19 MDT 2013

Hi andrew,

thanks for the answer

I'll try that although the purpose was mainly to avoid using windows tools.

Le 11/10/2013 05:00, Andrew Bartlett a écrit :
> On Fri, 2013-09-13 at 09:10 +0200, christophe wrote:
>> Hi,
>> First guys, I'd like congratulate you. Samba 4 is really a cool product.
>> I have a little problem though.
>> The context:
>> I have Samba4 AD DC working perfectly on a virtual machine
>> for testing purpose I joined another Samba4 AD DC to the domain I had
>> provisioned and it worked perfectly but my second DC VM was deleted with no
>> mean to get it back.
>> I have now a problem on my first DC as the second DC still shows up in the
>> RSAT console,  NTDSUTIL, DNS and also samba-tool drs showrepl.
>> it seems to be impossible to delete it completely.
>> I know if I were on a windows DC I'd simply have gone for forced deletion
>> then metadata cleanup.
>> but I don't have a windows DC.
>> Is there a way I can permanently remove all connection to my disappeared
>> second DC form the AD just using  the tools provides with samba 4?
> Can you use the ADUC tools to do it?
> Yes, we are aware this isn't ideal, and patches to samba-tool are
> welcome.
>> Other question:
>> I use ISC-DHCP-SERVER with SAMBA_Internal DNS.
>> Is there a way to have it updating records?
>> >From the DNS console, it seems I can't allow for unsecure updates
> Currently this is controlled from the smb.conf, not DNS console.
> But unsecure updates are a really bad idea.  Other folks have done this
> with GSS-TSIG and an external script, and it would be really neat to
> also support shared-key TSIG, but that requires work.  Patches are very
> welcome (the shared 128 bit key can be stored in or generated from the
> unicodePwd).
> Andrew Bartlett

More information about the samba-technical mailing list