[Samba] Cannot Join Existing Windows 2003 Domain

[Larry Aaronson]

On 12/25/2012 4:28 PM, Andrew Bartlett wrote:
> On Tue, 2012-12-25 at 14:06 -0500, Larry Aaronson wrote:
>> Trying to add a new samba 4 domain controller to an existing Windows
>> 2003 domain.  There are two existing domain controllers:
>> dc1.home.aaronson.com and dc2.home.aaronson.com.  As you can see below,
>> samba 4 dies during the join.  I am stumped.  Dcdiag throws no errors on
>> the existing controllers.  Any ideas/
>> Refusing to replicate
>> DC=DomainDnsZones\0ADEL:accca481-ed86-4259-bcf2-fe5adebd7676,DC=home,DC=aaronson,DC=com
>> from a read-only repilca into a read-write replica!
>> Failed to convert object
>> DC=DomainDnsZones\0ADEL:accca481-ed86-4259-bcf2-fe5adebd7676,DC=home,DC=aaronson,DC=com:
>>
>> WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
>> Failed to convert objects: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
> So, what is happening here is that the DC you are joining is not the
> full DNS server for the domain, but it may well be a global catalog.
>
> We had an issue a few months back where somehow we replicated back in
> data from a server that marked it's partition as being a global catalog,
> and we had terrible trouble recovering the domain.
>
> So, we put in this assertion that we just won't do this.
>
> What we should do is find the DC that does have this information, and
> replicate from there, but I've not added that complexity yet.
>
> In the short term, to try things out, make both your DCs DNS servers,
> and try again, and file a bug so we don't forget to look into DNS
> partition replication some more.
>
> Andrew Bartlett
Andrew, thanks.  The DC that samba-tool found (dc2) is not a GC. 
Although, it once was.  dc1 is our GC.  Both dc1 and dc2 are DNS servers 
for the domain.  Any other suggestions?  I will file the bug report.