[PATCH] make samba-tool aware of all 7 fsmo roles
Rowland Penny
repenny241155 at gmail.com
Fri Jun 5 12:36:42 MDT 2015
On 05/06/15 16:37, Jelmer Vernooij wrote:
> On Fri, Jun 05, 2015 at 11:10:10AM +0100, Rowland Penny wrote:
>> On 04/06/15 17:57, Jelmer Vernooij wrote:
>>> On Thu, Jun 04, 2015 at 05:17:11PM +0100, Rowland Penny wrote:
>>>> On 04/06/15 16:16, Jelmer Vernooij wrote:
>>>>> On Thu, Jun 04, 2015 at 02:00:47PM +0100, Rowland Penny wrote:
>>>>>> On 04/06/15 13:23, Jelmer Vernooij wrote:
>>>>>>> On Thu, Jun 04, 2015 at 11:36:29AM +0100, Rowland Penny wrote:
>>> Jelmer
>> OK, lets try again (still not holding my breath :-D )
> Almost there :)
>
>> +def transfer_dns_role(outf, sambaopts, credopts, role, samdb):
>> + """Transfer dns FSMO role. """
>> +
>> + if role == "domaindns":
>> + domain_dn = samdb.domain_dn()
>> + role_object = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
>> + elif role == "forestdns":
>> + forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
>> + role_object = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
>> +
>> + try:
>> + res = samdb.search(role_object,
>> + attrs=["fSMORoleOwner"],
>> + scope=ldb.SCOPE_BASE,
>> + controls=["extended_dn:1:1"])
>> +
>> + if 'fSMORoleOwner' in res[0]:
>> + try:
>> + master_guid = str(misc.GUID(ldb.Dn(samdb,
>> + res[0]['fSMORoleOwner'][0])
>> + .get_extended_component('GUID')))
>> + master_owner = str(ldb.Dn(samdb, res[0]['fSMORoleOwner'][0]))
>> + except:
> ^^ Please catch LdbError here rather than everything (including e.g. KeyboardInterrupt).
>
>> + outf.write("GUID not found in partition naming master DN %s\n" %
>> + res[0]['fSMORoleOwner'][0])
>> + return
> Perhaps return False?
>
>> + except LdbError, (num, msg):
>> + raise CommandError("DNS partion %s not found : %s" % (role, msg))
>> +
>> + if role == "domaindns":
>> + master_dns_name = '%s._msdcs.%s' % (master_guid,
>> + samdb.domain_dns_name())
>> + new_dns_name = '%s._msdcs.%s' % (samdb.get_ntds_GUID(),
>> + samdb.domain_dns_name())
>> + elif role == "forestdns":
>> + master_dns_name = '%s._msdcs.%s' % (master_guid,
>> + samdb.forest_dns_name())
>> + new_dns_name = '%s._msdcs.%s' % (samdb.get_ntds_GUID(),
>> + samdb.forest_dns_name())
>> +
>> + new_owner = samdb.get_dsServiceName()
>> +
>> + if master_dns_name != new_dns_name:
>> + lp = sambaopts.get_loadparm()
>> + creds = credopts.get_credentials(lp, fallback_machine=True)
>> + samdb = SamDB(url="ldap://%s" % (master_dns_name),
>> + session_info=system_session(),
>> + credentials=creds, lp=lp)
>> +
>> + m = ldb.Message()
>> + m.dn = ldb.Dn(samdb, role_object)
>> + m["fSMORoleOwner"] = ldb.MessageElement(master_owner,
>> + ldb.FLAG_MOD_DELETE,
>> + "fSMORoleOwner")
>> +
>> + try:
>> + samdb.modify(m)
>> + except LdbError, (num, msg):
>> + raise CommandError("Failed to delete role '%s': %s" %
>> + (role, msg))
>> +
>> + m = ldb.Message()
>> + m.dn = ldb.Dn(samdb, role_object)
>> + m["fSMORoleOwner"]= ldb.MessageElement(new_owner,
>> + ldb.FLAG_MOD_ADD,
>> + "fSMORoleOwner")
>> + try:
>> + samdb.modify(m)
>> + except LdbError, (num, msg):
>> + raise CommandError("Failed to add role '%s': %s" % (role, msg))
>> +
>> + try:
>> + connection = samba.drs_utils.drsuapi_connect(samdb.host_dns_name(),
>> + lp, creds)
>> + except samba.drs_utils.drsException, e:
>> + raise CommandError("Drsuapi Connect failed", e)
>> +
>> + try:
>> + drsuapi_connection = connection[0]
>> + drsuapi_handle = connection[1]
>> + req_options = drsuapi.DRSUAPI_DRS_WRIT_REP
>> + NC = role_object[18:]
>> + samba.drs_utils.sendDsReplicaSync(drsuapi_connection,
>> + drsuapi_handle,
>> + master_guid,
>> + NC, req_options)
>> + except samba.drs_utils.drsException, estr:
>> + raise CommandError("Replication failed", estr)
>> +
>> + outf.write("FSMO transfer of '%s' role successful\n" % role)
>> + return True
>> + else:
>> + outf.write("This DC already has the '%s' FSMO role\n" % role)
> Perhaps return False?
>
>> def transfer_role(outf, role, samdb):
>> + """Transfer standard FSMO role. """
>> +
>> + domain_dn = samdb.domain_dn()
>> + rid_dn = "CN=RID Manager$,CN=System," + domain_dn
>> + naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
>> + infrastructure_dn = "CN=Infrastructure," + domain_dn
>> + schema_dn = str(samdb.get_schema_basedn())
>> + new_owner = samdb.get_dsServiceName()
>> m = ldb.Message()
>> m.dn = ldb.Dn(samdb, "")
>> if role == "rid":
>> + master_owner = get_fsmo_roleowner(samdb, rid_dn)
>> m["becomeRidMaster"]= ldb.MessageElement(
>> "1", ldb.FLAG_MOD_REPLACE,
>> "becomeRidMaster")
>> elif role == "pdc":
>> - domain_dn = samdb.domain_dn()
>> + master_owner = get_fsmo_roleowner(samdb, domain_dn)
>> +
>> res = samdb.search(domain_dn,
>> scope=ldb.SCOPE_BASE, attrs=["objectSid"])
>> assert len(res) == 1
>> @@ -119,26 +252,77 @@ all=all of the above"""),
>> else:
>> raise CommandError("Invalid FSMO role.")
>> #first try to transfer to avoid problem if the owner is still active
>> - if force is None:
>> - self.message("Attempting transfer...")
>> - try:
>> - transfer_role(self.outf, role, samdb)
>> - self.outf.write("FSMO seize was not required, as transfer of '%s' role was successful\n" % role)
>> - return
>> - except CommandError:
>> - #transfer failed, use the big axe...
>> - self.message("Transfer unsuccessful, seizing...")
>> + seize = "no"
> ^^ please use 'seize = False' / 'seize = True' rather than a string.
>
> Overall, looks much better. Thanks!
>
> Jelmer
Once more
Rowland
-------------- next part --------------
From d2f0a8e5a4c9644e3dd6435f203fea358fdf024e Mon Sep 17 00:00:00 2001
From: Rowland Penny <repenny241155 at gmail.com>
Date: Fri, 5 Jun 2015 19:31:38 +0100
Subject: [PATCH] samba-tool: make 'samba-tool fsmo *' aware of all 7 fsmo
roles
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10734
Signed-off-by: Rowland Penny <repenny241155 at gmail.com>
---
python/samba/netcmd/fsmo.py | 346 +++++++++++++++++++++++++++++++++----------
1 file changed, 268 insertions(+), 78 deletions(-)
diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py
index 1bc4a96..3a7c347 100644
--- a/python/samba/netcmd/fsmo.py
+++ b/python/samba/netcmd/fsmo.py
@@ -17,10 +17,11 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+import samba
import samba.getopt as options
import ldb
from ldb import LdbError
-
+from samba.dcerpc import drsuapi, misc
from samba.auth import system_session
from samba.netcmd import (
Command,
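Review bot: The code added in the next hunk calls `samba.drs_utils.drsuapi_connect()` and `samba.drs_utils.sendDsReplicaSync()` and catches `samba.drs_utils.drsException`, but this import hunk only adds `import samba` and `from samba.dcerpc import drsuapi, misc`. A bare `import samba` does not load the `drs_utils` submodule, so those references resolve only if some other module has already imported it (or the package `__init__` does, which this page does not show). Adding `import samba.drs_utils` next to `import samba` makes the dependency explicit and removes the reliance on import order.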
@@ -30,15 +31,131 @@ from samba.netcmd import (
)
from samba.samdb import SamDB
+def get_fsmo_roleowner(samdb, roledn):
+ """Gets the owner of an FSMO role
+
+ :param roledn: The DN of the FSMO role
+ """
+ res = samdb.search(roledn,
+ scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
+ assert len(res) == 1
+ master_owner = res[0]["fSMORoleOwner"][0]
+ return master_owner
+
+
+def transfer_dns_role(outf, sambaopts, credopts, role, samdb):
+ """Transfer dns FSMO role. """
+
+ if role == "domaindns":
+ domain_dn = samdb.domain_dn()
+ role_object = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
+ elif role == "forestdns":
+ forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
+ role_object = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
+
+ try:
+ res = samdb.search(role_object,
+ attrs=["fSMORoleOwner"],
+ scope=ldb.SCOPE_BASE,
+ controls=["extended_dn:1:1"])
+
+ if 'fSMORoleOwner' in res[0]:
+ try:
+ master_guid = str(misc.GUID(ldb.Dn(samdb,
+ res[0]['fSMORoleOwner'][0])
+ .get_extended_component('GUID')))
+ master_owner = str(ldb.Dn(samdb, res[0]['fSMORoleOwner'][0]))
+ except LdbError, (num, msg):
+ raise CommandError("GUID not found in partition naming master DN %s : %s \n" %
+ (res[0]['fSMORoleOwner'][0], msg))
+ except LdbError, (num, msg):
+ raise CommandError("DNS partion %s not found : %s" % (role, msg))
+
+ if role == "domaindns":
+ master_dns_name = '%s._msdcs.%s' % (master_guid,
+ samdb.domain_dns_name())
+ new_dns_name = '%s._msdcs.%s' % (samdb.get_ntds_GUID(),
+ samdb.domain_dns_name())
+ elif role == "forestdns":
+ master_dns_name = '%s._msdcs.%s' % (master_guid,
+ samdb.forest_dns_name())
+ new_dns_name = '%s._msdcs.%s' % (samdb.get_ntds_GUID(),
+ samdb.forest_dns_name())
+
+ new_owner = samdb.get_dsServiceName()
+
+ if master_dns_name != new_dns_name:
+ lp = sambaopts.get_loadparm()
+ creds = credopts.get_credentials(lp, fallback_machine=True)
+ samdb = SamDB(url="ldap://%s" % (master_dns_name),
+ session_info=system_session(),
+ credentials=creds, lp=lp)
+
+ m = ldb.Message()
+ m.dn = ldb.Dn(samdb, role_object)
+ m["fSMORoleOwner"] = ldb.MessageElement(master_owner,
+ ldb.FLAG_MOD_DELETE,
+ "fSMORoleOwner")
+
+ try:
+ samdb.modify(m)
+ except LdbError, (num, msg):
+ raise CommandError("Failed to delete role '%s': %s" %
+ (role, msg))
+
+ m = ldb.Message()
+ m.dn = ldb.Dn(samdb, role_object)
+ m["fSMORoleOwner"]= ldb.MessageElement(new_owner,
+ ldb.FLAG_MOD_ADD,
+ "fSMORoleOwner")
+ try:
+ samdb.modify(m)
+ except LdbError, (num, msg):
+ raise CommandError("Failed to add role '%s': %s" % (role, msg))
+
+ try:
+ connection = samba.drs_utils.drsuapi_connect(samdb.host_dns_name(),
+ lp, creds)
+ except samba.drs_utils.drsException, e:
+ raise CommandError("Drsuapi Connect failed", e)
+
+ try:
+ drsuapi_connection = connection[0]
+ drsuapi_handle = connection[1]
+ req_options = drsuapi.DRSUAPI_DRS_WRIT_REP
+ NC = role_object[18:]
+ samba.drs_utils.sendDsReplicaSync(drsuapi_connection,
+ drsuapi_handle,
+ master_guid,
+ NC, req_options)
+ except samba.drs_utils.drsException, estr:
+ raise CommandError("Replication failed", estr)
+
+ outf.write("FSMO transfer of '%s' role successful\n" % role)
+ return True
+ else:
+ outf.write("This DC already has the '%s' FSMO role\n" % role)
+ return False
+
def transfer_role(outf, role, samdb):
+ """Transfer standard FSMO role. """
+
+ domain_dn = samdb.domain_dn()
+ rid_dn = "CN=RID Manager$,CN=System," + domain_dn
+ naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
+ infrastructure_dn = "CN=Infrastructure," + domain_dn
+ schema_dn = str(samdb.get_schema_basedn())
+ new_owner = samdb.get_dsServiceName()
m = ldb.Message()
m.dn = ldb.Dn(samdb, "")
if role == "rid":
+ master_owner = get_fsmo_roleowner(samdb, rid_dn)
m["becomeRidMaster"]= ldb.MessageElement(
"1", ldb.FLAG_MOD_REPLACE,
"becomeRidMaster")
elif role == "pdc":
- domain_dn = samdb.domain_dn()
+ master_owner = get_fsmo_roleowner(samdb, domain_dn)
+
res = samdb.search(domain_dn,
scope=ldb.SCOPE_BASE, attrs=["objectSid"])
assert len(res) == 1
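Review bot: In transfer_dns_role the ownership change is sent as two separate `samdb.modify()` calls, a `FLAG_MOD_DELETE` of the old `fSMORoleOwner` and then a `FLAG_MOD_ADD` of the new one, so if the second call fails or the tool is interrupted between them, the role object on the current owner is left with no owner at all. Carrying both elements in one `ldb.Message` turns the swap into a single modify that applies fully or not at all, while the delete of the exact old value still rejects the change if the owner moved in the meantime. Separately, `master_guid` and `master_owner` are assigned only when `'fSMORoleOwner' in res[0]`, so a role object without that attribute reaches the `'%s._msdcs.%s'` formatting with unbound names; an `else: raise CommandError(...)` on that test would keep the failure readable. transfer_role, which begins at the end of this hunk, continues in the next one.

```python
        m = ldb.Message()
        m.dn = ldb.Dn(samdb, role_object)
        # Both elements name the same attribute; only the message keys differ,
        # so the delete and the add travel in one modify request.
        m["fSMORoleOwnerDel"] = ldb.MessageElement(master_owner,
                                                   ldb.FLAG_MOD_DELETE,
                                                   "fSMORoleOwner")
        m["fSMORoleOwnerAdd"] = ldb.MessageElement(new_owner,
                                                   ldb.FLAG_MOD_ADD,
                                                   "fSMORoleOwner")
        try:
            samdb.modify(m)
        except LdbError, (num, msg):
            raise CommandError("Failed to transfer role '%s': %s" %
                               (role, msg))
        # … unchanged: drsuapi_connect and sendDsReplicaSync …
```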
@@ -47,25 +164,35 @@ def transfer_role(outf, role, samdb):
sid, ldb.FLAG_MOD_REPLACE,
"becomePdc")
elif role == "naming":
+ master_owner = get_fsmo_roleowner(samdb, naming_dn)
m["becomeDomainMaster"]= ldb.MessageElement(
"1", ldb.FLAG_MOD_REPLACE,
"becomeDomainMaster")
elif role == "infrastructure":
+ master_owner = get_fsmo_roleowner(samdb, infrastructure_dn)
m["becomeInfrastructureMaster"]= ldb.MessageElement(
"1", ldb.FLAG_MOD_REPLACE,
"becomeInfrastructureMaster")
elif role == "schema":
+ master_owner = get_fsmo_roleowner(samdb, schema_dn)
m["becomeSchemaMaster"]= ldb.MessageElement(
"1", ldb.FLAG_MOD_REPLACE,
"becomeSchemaMaster")
else:
raise CommandError("Invalid FSMO role.")
- try:
- samdb.modify(m)
- except LdbError, (num, msg):
- raise CommandError("Failed to initiate transfer of '%s' role: %s" % (role, msg))
- outf.write("FSMO transfer of '%s' role successful\n" % role)
+ if master_owner != new_owner:
+ try:
+ samdb.modify(m)
+ except LdbError, (num, msg):
+ raise CommandError("Transfer of '%s' role failed: %s" %
+ (role, msg))
+
+ outf.write("FSMO transfer of '%s' role successful\n" % role)
+ return True
+ else:
+ outf.write("This DC already has the '%s' FSMO role\n" % role)
+ return False
class cmd_fsmo_seize(Command):
"""Seize the role."""
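Review bot: The new guard `if master_owner != new_owner:` compares two DN strings byte for byte, one read from the `fSMORoleOwner` attribute by get_fsmo_roleowner and one returned by `samdb.get_dsServiceName()`. Two DNs naming the same object can differ in case or spacing, and a mismatch would send the modify even though this DC already owns the role; that is probably rare when both values come from the same server, but it is not guaranteed by anything visible here. Comparing parsed DNs, `if ldb.Dn(samdb, master_owner) != ldb.Dn(samdb, new_owner):`, removes the dependence on formatting. transfer_role starts in the previous hunk.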
@@ -79,26 +206,31 @@ class cmd_fsmo_seize(Command):
}
takes_options = [
- Option("-H", "--URL", help="LDB URL for database or target server", type=str,
- metavar="URL", dest="H"),
- Option("--force", help="Force seizing of the role without attempting to transfer first.", action="store_true"),
- Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","all"],
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ type=str, metavar="URL", dest="H"),
+ Option("--force",
+ help="Force seizing of the role without attempting to transfer first.",
+ action="store_true"),
+ Option("--role", type="choice", choices=["rid", "pdc", "infrastructure",
+ "schema", "naming", "domaindns", "forestdns", "all"],
help="""The FSMO role to seize or transfer.\n
rid=RidAllocationMasterRole\n
schema=SchemaMasterRole\n
pdc=PdcEmulationMasterRole\n
naming=DomainNamingMasterRole\n
infrastructure=InfrastructureMasterRole\n
-all=all of the above"""),
+domaindns=DomainDnsZonesMasterRole\n
+forestdns=ForestDnsZonesMasterRole\n
+all=all of the above\n
+You must provide an Admin user and password."""),
]
takes_args = []
def seize_role(self, role, samdb, force):
- res = samdb.search("",
- scope=ldb.SCOPE_BASE, attrs=["dsServiceName"])
- assert len(res) == 1
- serviceName = res[0]["dsServiceName"][0]
+ """Seize standard fsmo role. """
+
+ serviceName = samdb.get_dsServiceName()
domain_dn = samdb.domain_dn()
self.infrastructure_dn = "CN=Infrastructure," + domain_dn
self.naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
@@ -119,26 +251,80 @@ all=all of the above"""),
else:
raise CommandError("Invalid FSMO role.")
#first try to transfer to avoid problem if the owner is still active
- if force is None:
- self.message("Attempting transfer...")
- try:
- transfer_role(self.outf, role, samdb)
- self.outf.write("FSMO seize was not required, as transfer of '%s' role was successful\n" % role)
- return
- except CommandError:
- #transfer failed, use the big axe...
- self.message("Transfer unsuccessful, seizing...")
+ seize = False
+ master_owner = get_fsmo_roleowner(samdb, m.dn)
+ if master_owner != serviceName:
+ if force is None:
+ self.message("Attempting transfer...")
+ if not transfer_role(self.outf, role, samdb):
+ #transfer failed, use the big axe...
+ seize = True
+ self.message("Transfer unsuccessful, seizing...")
+ else:
+ self.message("Not seizing role as transfer was successful")
+
+ if force is not None or seize == True:
+ self.message("Seizing %s FSMO role..." % role)
+ m["fSMORoleOwner"]= ldb.MessageElement(
+ serviceName, ldb.FLAG_MOD_REPLACE,
+ "fSMORoleOwner")
+ try:
+ samdb.modify(m)
+ except LdbError, (num, msg):
+ raise CommandError("Failed to seize '%s' role: %s" %
+ (role, msg))
+ self.outf.write("FSMO seize of '%s' role successful\n" % role)
+ return True
else:
- self.message("Will not attempt transfer, seizing...")
+ self.outf.write("This DC already has the '%s' FSMO role\n" % role)
+ return False
- m["fSMORoleOwner"]= ldb.MessageElement(
- serviceName, ldb.FLAG_MOD_REPLACE,
- "fSMORoleOwner")
- try:
- samdb.modify(m)
- except LdbError, (num, msg):
- raise CommandError("Failed to initiate role seize of '%s' role: %s" % (role, msg))
- self.outf.write("FSMO seize of '%s' role successful\n" % role)
+ def seize_dns_role(self, role, samdb, credopts, sambaopts,
+ versionopts, force):
+ """Seize DNS FSMO role. """
+
+ serviceName = samdb.get_dsServiceName()
+ domain_dn = samdb.domain_dn()
+ forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
+ self.domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
+ self.forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
+
+ m = ldb.Message()
+ if role == "domaindns":
+ m.dn = ldb.Dn(samdb, self.domaindns_dn)
+ elif role == "forestdns":
+ m.dn = ldb.Dn(samdb, self.forestdns_dn)
+ else:
+ raise CommandError("Invalid FSMO role.")
+ #first try to transfer to avoid problem if the owner is still active
+ seize = False
+ master_owner = get_fsmo_roleowner(samdb, m.dn)
+ if master_owner != serviceName:
+ if force is None:
+ self.message("Attempting transfer...")
+ if not transfer_dns_role(self.outf, sambaopts, credopts, role,
+ samdb):
+ #transfer failed, use the big axe...
+ seize = True
+ self.message("Transfer unsuccessful, seizing...")
+ else:
+ self.message("Not seizing role as transfer was successful\n")
+
+ if force is not None or seize == True:
+ self.message("Seizing %s FSMO role..." % role)
+ m["fSMORoleOwner"]= ldb.MessageElement(
+ serviceName, ldb.FLAG_MOD_REPLACE,
+ "fSMORoleOwner")
+ try:
+ samdb.modify(m)
+ except LdbError, (num, msg):
+ raise CommandError("Failed to seize '%s' role: %s" %
+ (role, msg))
+ self.outf.write("FSMO seize of '%s' role successful\n" % role)
+ return True
+ else:
+ self.outf.write("This DC already has the '%s' FSMO role\n" % role)
+ return False
def run(self, force=None, H=None, role=None,
credopts=None, sambaopts=None, versionopts=None):
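Review bot: The seize fallback in seize_role no longer fires when a transfer actually fails: transfer_role signals failure by raising `CommandError`, and this hunk replaces the old `try/except CommandError` with `if not transfer_role(...)`, so the exception leaves the command before `seize = True` is reached. The only falsy return transfer_role has is the "already has the role" case, which the enclosing `master_owner != serviceName` test has already ruled out. seize_dns_role, added in this same hunk, has the same shape around transfer_dns_role. Keeping the call inside `try:` and setting `seize = True` under `except CommandError:` restores "transfer first, seize only on failure"; indentation is lost on this page, so the nesting of the `else` branches should be checked against the file, and seize_role itself begins in the previous hunk.

```python
            if force is None:
                self.message("Attempting transfer...")
                try:
                    transfer_role(self.outf, role, samdb)
                except CommandError:
                    #transfer failed, use the big axe...
                    seize = True
                    self.message("Transfer unsuccessful, seizing...")
                else:
                    self.message("Not seizing role as transfer was successful")
            # … unchanged: seize by replacing fSMORoleOwner …
```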
@@ -155,8 +341,16 @@ all=all of the above"""),
self.seize_role("naming", samdb, force)
self.seize_role("infrastructure", samdb, force)
self.seize_role("schema", samdb, force)
+ self.seize_dns_role("domaindns", samdb, credopts, sambaopts,
+ versionopts, force)
+ self.seize_dns_role("forestdns", samdb, credopts, sambaopts,
+ versionopts, force)
else:
- self.seize_role(role, samdb, force)
+ if role == "domaindns" or role == "forestdns":
+ self.seize_dns_role(role, samdb, credopts, sambaopts,
+ versionopts, force)
+ else:
+ self.seize_role(role, samdb, force)
class cmd_fsmo_show(Command):
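Review bot: `versionopts` is passed to seize_dns_role at all three new call sites in this hunk, but the seize_dns_role body added in the previous hunk never reads it. Dropping the parameter, so the calls become `self.seize_dns_role(role, samdb, credopts, sambaopts, force)`, keeps the signature down to what the function uses. run() starts outside this hunk.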
@@ -171,8 +365,8 @@ class cmd_fsmo_show(Command):
}
takes_options = [
- Option("-H", "--URL", help="LDB URL for database or target server", type=str,
- metavar="URL", dest="H"),
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ type=str, metavar="URL", dest="H"),
]
takes_args = []
@@ -185,42 +379,29 @@ class cmd_fsmo_show(Command):
credentials=creds, lp=lp)
domain_dn = samdb.domain_dn()
- self.infrastructure_dn = "CN=Infrastructure," + domain_dn
- self.naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
- self.schema_dn = samdb.get_schema_basedn()
- self.rid_dn = "CN=RID Manager$,CN=System," + domain_dn
-
- res = samdb.search(self.infrastructure_dn,
- scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
- assert len(res) == 1
- self.infrastructureMaster = res[0]["fSMORoleOwner"][0]
-
- res = samdb.search(domain_dn,
- scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
- assert len(res) == 1
- self.pdcEmulator = res[0]["fSMORoleOwner"][0]
-
- res = samdb.search(self.naming_dn,
- scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
- assert len(res) == 1
- self.namingMaster = res[0]["fSMORoleOwner"][0]
-
- res = samdb.search(self.schema_dn,
- scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
- assert len(res) == 1
- self.schemaMaster = res[0]["fSMORoleOwner"][0]
-
- res = samdb.search(self.rid_dn,
- scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
- assert len(res) == 1
- self.ridMaster = res[0]["fSMORoleOwner"][0]
-
- self.message("InfrastructureMasterRole owner: " + self.infrastructureMaster)
- self.message("RidAllocationMasterRole owner: " + self.ridMaster)
- self.message("PdcEmulationMasterRole owner: " + self.pdcEmulator)
- self.message("DomainNamingMasterRole owner: " + self.namingMaster)
- self.message("SchemaMasterRole owner: " + self.schemaMaster)
-
+ forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
+ infrastructure_dn = "CN=Infrastructure," + domain_dn
+ naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
+ schema_dn = samdb.get_schema_basedn()
+ rid_dn = "CN=RID Manager$,CN=System," + domain_dn
+ domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
+ forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
+
+ infrastructureMaster = get_fsmo_roleowner(samdb, infrastructure_dn)
+ pdcEmulator = get_fsmo_roleowner(samdb, domain_dn)
+ namingMaster = get_fsmo_roleowner(samdb, naming_dn)
+ schemaMaster = get_fsmo_roleowner(samdb, schema_dn)
+ ridMaster = get_fsmo_roleowner(samdb, rid_dn)
+ domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
+ forestdnszonesMaster = get_fsmo_roleowner(samdb, forestdns_dn)
+
+ self.message("SchemaMasterRole owner: " + schemaMaster)
+ self.message("InfrastructureMasterRole owner: " + infrastructureMaster)
+ self.message("RidAllocationMasterRole owner: " + ridMaster)
+ self.message("PdcEmulationMasterRole owner: " + pdcEmulator)
+ self.message("DomainNamingMasterRole owner: " + namingMaster)
+ self.message("DomainDnsZonesMasterRole owner: " + domaindnszonesMaster)
+ self.message("ForestDnsZonesMasterRole owner: " + forestdnszonesMaster)
class cmd_fsmo_transfer(Command):
"""Transfer the role."""
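Review bot: `fsmo show` now looks up `CN=Infrastructure,DC=DomainDnsZones,...` and `CN=Infrastructure,DC=ForestDnsZones,...` unconditionally, and get_fsmo_roleowner neither catches `LdbError` from the search nor copes with a missing attribute. On a directory where those DNS partitions do not exist, the command would presumably end in a traceback before any `self.message(...)` line runs, so even the five standard role owners are no longer shown. Treating a missing DNS role object as "not present" and still printing the others keeps the command useful for checking who owns what. run() starts outside this hunk.

```python
        # … unchanged: lookups for the five standard roles …
        try:
            domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
            forestdnszonesMaster = get_fsmo_roleowner(samdb, forestdns_dn)
        except LdbError, (num, msg):
            if num != ldb.ERR_NO_SUCH_OBJECT:
                raise
            domaindnszonesMaster = forestdnszonesMaster = None
        # … unchanged: messages for the five standard roles …
        if domaindnszonesMaster is not None:
            self.message("DomainDnsZonesMasterRole owner: " + domaindnszonesMaster)
            self.message("ForestDnsZonesMasterRole owner: " + forestdnszonesMaster)
```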
@@ -234,16 +415,20 @@ class cmd_fsmo_transfer(Command):
}
takes_options = [
- Option("-H", "--URL", help="LDB URL for database or target server", type=str,
- metavar="URL", dest="H"),
- Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","all"],
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ type=str, metavar="URL", dest="H"),
+ Option("--role", type="choice", choices=["rid", "pdc", "infrastructure",
+ "schema", "naming", "domaindns", "forestdns", "all"],
help="""The FSMO role to seize or transfer.\n
rid=RidAllocationMasterRole\n
schema=SchemaMasterRole\n
pdc=PdcEmulationMasterRole\n
naming=DomainNamingMasterRole\n
infrastructure=InfrastructureMasterRole\n
-all=all of the above"""),
+domaindns=DomainDnsZonesMasterRole\n
+forestdns=ForestDnsZonesMasterRole\n
+all=all of the above\n
+You must provide an Admin user and password."""),
]
takes_args = []
@@ -263,8 +448,13 @@ all=all of the above"""),
transfer_role(self.outf, "naming", samdb)
transfer_role(self.outf, "infrastructure", samdb)
transfer_role(self.outf, "schema", samdb)
+ transfer_dns_role(self.outf, sambaopts, credopts, "domaindns", samdb)
+ transfer_dns_role(self.outf, sambaopts, credopts, "forestdns", samdb)
else:
- transfer_role(self.outf, role, samdb)
+ if role == "domaindns" or role == "forestdns":
+ transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
+ else:
+ transfer_role(self.outf, role, samdb)
class cmd_fsmo(SuperCommand):
--
1.7.10.4