[Samba] got stuck with replacing win2k DC with samba4 DC

Andreas Oster aoster at novanetwork.de
Tue Nov 1 07:03:49 MDT 2011

Hello all,

active directory is working now, seems there was an issue with
DNS entries.

Now i have another question.  I had to force demote of the win 2008 R2
server and was not able to do "metadata cleanup" with the ntdsutil to
remove the remains of the windows server afterwards, the new samba4 DC
simply did not allow me to do that. Is there a way to do something
similar with the samba provided tools (samba-tool for example) ?

thank you



Am 01.11.2011 11:06, schrieb Andreas Oster:
> Hello all,
> I have tried several times to replace an old Windows 2000 domain
> controller with a samba4 dc but failed to do so.
> here is what I did/tried:
> - copied the old DC and DNS (bind9) to a vmware machine
> - fixed some replication issues I had with the old 2k DC ( once had two
> DCs and one died and had to seize it)
> - downloaded 2008 R2 evaluation
> - performed adprep32 /forestprep, adprep32 /domainprep and
> adprep32 /domainprep /gpprep - no errors so far
> - installed a new 2008 R2 machine and promoted it as new DC
> - waited for SYSVOL to be synced
> - transfered all FSMOs to the new 2008R2 DC
> - demoted old 2k DC and re-added it as member server
> - raised domain level to 2008 R2
> - checked if everything is working with new DC -> OK, i guess.
> - installed a new VMware guest with current Ubuntu (oneiric 32bit)
> - downloaded samba from git, downloaded required dependencies,
> ./configure.developer, make, sudo make install
> - changed nsupdate command to "/usr/bin/nsupdate"
> - joined new samba DC to domain with samba-tool -> OK, no errors
> - created start script and start samba4
> - checked DNS for new entries for samba4 DC -> OK
> - waited some time for replication
> - used MS AD utils, connected to new samba4 DC and checked if all
> entries are there -> OK, looks good.
> - new samba4 currently has only GC role
> - used howto form here:
> https://lists.samba.org/archive/samba-technical/2011-October/080026.html
> to replicate SYSVOL from Windows machine to samba4 server
> - moved FSMOs with ntdsutil from 2008 R2 DC to samba4 DC
> - demoted Windows DC (had to force it with dcpromo /forceremoval)
> -> domain non functional anymore :-(
> - if I open MS AD tools the DC will not be selected automatically
> but I can select it manually and all entries seem do be there.
> Has someone successful moved his domain to a samba4 environment ?
> Any idea what could have happened ?
> I would be happy if someone can give me a hint in the right direction.
> thanks
> Andreas

More information about the samba mailing list