sudden disconnect while joining a new DC. => problem.
L.P.H. van Belle
belle at bazuin.nl
Wed Dec 28 13:29:34 UTC 2016
Its maybe this should not be posted here but this i wanted to share so you guys can think about this.
Its pretty easy to corrupt the AD database since we learn by accidents like this.
This is what happend here.
A samba AD domain with a samba 4.4.5 DC’s.
Now join a new DC 4.5.3, and just after starting it, power it off or disconnect het network.
So interrupt the join and destroy the DC. ( i had a power fail with a failing ups when joining )
Now in this case i ended up with a, half installed DC.
No DNS entries where created, the AD computer object was created in the AD but no site alias for the DC.
The command : samba-tool domain demote --remove-other-dead-server=DC3
Didnt work due to not having the alias object.
And more strange, samba-tool drs showrepl did say it was all ok.
I ended with manualy removing the leftover from the AD. ( used apache directory studio for that )
Now, i have been thinking about how to code this, but i dont have any suggestion, execpt
I saw the last subject : authenticating users during short disconnects from AD.
Maybe something like that if this is possible at al or something like pull the AD first to the server,
and join locally in the AD, just with big AD domains this can be a problem.
Sorry i have so little information, i destroyed the DC before i collected all logs.
I did this because i didnt know if starting up would give more problems.
More information about the samba-technical