[Samba] [SOLVED] replace Windows 2003 dc
Sérgio Henrique
sermac at gmail.com
Mon Feb 25 03:27:17 MST 2013
Hi Peter,
I am unable to demote windows DC, i get always error when demoting windows
AD on ForestDNSzones and DomainDNSzones, i have tried a lot of things.
Raise forest level, keep at 2003, add samba to nameservers,etc...
What i can see is that if i create a new samba4 as primary root domain and
then add windows AD i have no problems.
But my objective is to migrate current windows domain to samba4 and not
the opposite.
On Sat, Feb 23, 2013 at 8:49 PM, Peter Beck <peter at datentraeger.li> wrote:
> Hi guys,
>
> I did some more testing:
>
> --- Scenario 1:
>
> Server 2003 with Forest Operation Level 'Windows 2000' and domain
> operation Level 'Windows 2000 mixed' (which seems to be the default when
> setting up Server 2003):
>
> After joining Samba4 to the domain I was unable to raise the level.
> Samba-tool just had an error, when trying to showing the levels:
>
> ERROR: Could not retrieve the actual domain, forest level and/or
> lowest DC function level!
>
> And on the Windows DC the only change that was possible was to raise up
> the domain operating level to "Windows 2000 native". No other changes
> were possible [cannot raise ...because this domain includes domain
> controllers that are not running the appropriate version of Windows]
>
> I also got issues with replicate:
>
> samba-tool drs replicate lab07 lab03 dc=domaindnszones,dc=adlab,dc=local
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (8440, 'WERR_DS_DRA_BAD_NC')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 331, in
> run
> drs_utils.sendDsReplicaSync(self.drsuapi,
> self.drsuapi_handle,source_dsa_guid, NC, req_options)
> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in
> sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>
> with option --local:
> samba-tool drs replicate lab07 lab03
> dc=domaindnszones,dc=adlab,dc=local --local
> Partition[dc=domaindnszones,dc=adlab,dc=local] objects[26]
> linked_values[0]
>
> the same behaviour with forestdnszones.
>
> --- Scenario 2:
>
> Then the same setup again, but _before_ joining Samba, the Domain
> and Forest level were raised up to 2003. After joining the samba server,
> the levels were shown without issues:
>
> samba-tool was able to list the levels:
>
> Domain and forest function level for domain 'DC=adlab,DC=local'
> Forest function level: (Windows) 2003
> Domain function level: (Windows) 2003
> Lowest function level of a DC: (Windows) 2003
>
> Also replicating seems (after restart of samba) to work successfull
> (with all its options like full-sync, local,etc):
>
> samba-tool drs replicate lab07 lab03 dc=domaindnszones,dc=adlab,dc=local
> Replicate from lab03 to lab07 was successful.
> samba-tool drs replicate lab07 lab03 dc=forestdnszones,dc=adlab,dc=local
> Replicate from lab03 to lab07 was successful.
>
> I was able do demote the Windows server like the times before.
>
> My conclusion is to ensure the forest and domain operating levels
> _before_ joining the Samba server to the domain and do not hurry with
> replacing to ensure the replication was done completely prevents from
> lots of issues and headache...
>
> I think the next test will be with Server 2008...
>
> Regards
> Peter
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Cumprimentos,
Sérgio Machado
More information about the samba
mailing list