[Samba] Cannot Join Existing Windows 2003 Domain

Andrew Bartlett abartlet at samba.org
Wed Dec 26 15:07:30 MST 2012


On Tue, 2012-12-25 at 20:42 -0500, Larry Aaronson wrote:
> On 12/25/2012 4:28 PM, Andrew Bartlett wrote:
> > On Tue, 2012-12-25 at 14:06 -0500, Larry Aaronson wrote:
> >> Trying to add a new samba 4 domain controller to an existing Windows
> >> 2003 domain.  There are two existing domain controllers:
> >> dc1.home.aaronson.com and dc2.home.aaronson.com.  As you can see below,
> >> samba 4 dies during the join.  I am stumped.  Dcdiag throws no errors on
> >> the existing controllers.  Any ideas?
> >> Refusing to replicate
> >> DC=DomainDnsZones\0ADEL:accca481-ed86-4259-bcf2-fe5adebd7676,DC=home,DC=aaronson,DC=com
> >> from a read-only repilca into a read-write replica!
> >> Failed to convert object
> >> DC=DomainDnsZones\0ADEL:accca481-ed86-4259-bcf2-fe5adebd7676,DC=home,DC=aaronson,DC=com:
> >>
> >> WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
> >> Failed to convert objects: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
> > So, what is happening here is that the DC you are joining is not the
> > full DNS server for the domain, but it may well be a global catalog.
> >
> > We had an issue a few months back where somehow we replicated back in
> > data from a server that marked its partition as being a global catalog,
> > and we had terrible trouble recovering the domain.
> >
> > So, we put in this assertion that we just won't do this.
> >
> > What we should do is find the DC that does have this information, and
> > replicate from there, but I've not added that complexity yet.
> >
> > In the short term, to try things out, make both your DCs DNS servers,
> > and try again, and file a bug so we don't forget to look into DNS
> > partition replication some more.
> >
> > Andrew Bartlett
> Andrew, thanks.  The DC that samba-tool found (dc2) is not a GC. 
> Although, it once was.  dc1 is our GC.  Both dc1 and dc2 are DNS servers 
> for the domain.  Any other suggestions?  I will file the bug report.

Looking at the DN more closely, we may have to investigate this some
more.  The problem DN is actually deleted, but not under 'Deleted
Objects', and clearly still has the markings that a read only object
would have. 

We need to be careful here, as I really don't want to get back the knots
we had when we replicated these in previously.  I guess just fill the
bug up with as much detail and history as you are happy with being
public.

I'm sorry I can't be more help, this looks like a tricky one.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
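
An added example, not part of the original message and not Samba's own code: a small check that flags DNs whose leading RDN carries the `\0ADEL:<GUID>` marker of a deleted object but whose parent is not `CN=Deleted Objects`, the condition described in the reply above. The function names and the second and third sample DNs are made up for illustration.

```python
import re

# Constructed sample input: the first DN is the one quoted in the thread,
# the other two are invented for illustration.
SAMPLE_DNS = [
    r"DC=DomainDnsZones\0ADEL:accca481-ed86-4259-bcf2-fe5adebd7676,DC=home,DC=aaronson,DC=com",
    r"CN=old-host\0ADEL:11111111-2222-3333-4444-555555555555,CN=Deleted Objects,DC=example,DC=com",
    r"CN=Users,DC=example,DC=com",
]

# Deleted-object marker at the end of an RDN: escaped newline (\0A), "DEL:", then a GUID.
DEL_MARK = re.compile(
    r"\\0[Aa]DEL:([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$"
)


def split_rdns(dn):
    """Split a DN on unescaped commas; a backslash protects the next character."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]   # keep the escape sequence intact
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur)
    return parts


def classify(dn):
    """Return (state, guid): 'live', 'deleted', or 'deleted-outside-container'."""
    rdns = split_rdns(dn)
    m = DEL_MARK.search(rdns[0])
    if not m:
        return ("live", None)
    in_container = len(rdns) > 1 and rdns[1].strip().lower() == "cn=deleted objects"
    state = "deleted" if in_container else "deleted-outside-container"
    return (state, m.group(1).lower())


if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(classify(dn), dn)
```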
