[Samba] how to remove an (offline) DC from Samba 4 ?

Denis Cardon denis.cardon at tranquil-it-systems.fr
Mon Feb 17 11:14:45 MST 2014 

Hi Bram,
>
> What would be the recommended way to remove an old offline DC from Samba4?
>
> I searched in samba-tool for a way to do this, but didn't find any.
> Tried using the Windows tools to manage AD Users & Computers -> Domain
> Controllers -> The DC & then hit delete, however this gives an error 'cannot
> find specified module'.
> On https://wiki.samba.org/index.php/Samba4/DRS_TODO_List I read this is
> likely a known issue:
> "Fix DsRemoveDSServer
>
> Removing a DC from the Domain Controllers container when using windows
> user/group admin tool against a s4 DC fails with "bad stub data". It
> generated a fault on the wire. "
>
> Given that both samba-tool and the using the ADUC tools are a dead end, what
> should I do?
>
> Should I start messing with ldbedit/ldbdel? I'm worried to mess up things,
> especially dead references to the old DC. Or is this the way to go.

You can actually get stuck in a similar situation with MSAD. There is a 
web page on microsoft about that http://support.microsoft.com/kb/216498 
. I had once to dig into that with a dead DC that wouldn't leave my 
win2k DC alone.

I'd advise you to use ApacheDirectoryStudio instead of adsiedit to 
remove the old entries from your AD, it is much more user friendly. Be 
sure to have a good backup before fiddling with your ldap entries!

Then use your dnsmgmt.msc to check and remove all the DNS entries of the 
old DC servers (NS and SRV fields).

Hope this helps,

Denis


> This is on samba 4.1.4, running as AD, with all FSMO roles seized (in case
> it matters).
>
> Any help would be appreciated.
>
> Thanks,
>
> Bram.
>
> - --
> Bram Matthys
> Software developer/IT consultant        syzop at vulnscan.org
> Website:                                  www.vulnscan.org
> PGP key:                       www.vulnscan.org/pubkey.asc
> PGP fp: EBCA 8977 FCA6 0AB0 6EDB  04A7 6E67 6D45 7FE1 99A6
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
>
> iF4EAREIAAYFAlMB2TgACgkQbmdtRX/hmaZ1/QD9EQo9g5DZ3ml/9ZkSQH5Y2cY5
> 1HpDgR6J0nWt8Yiu4D4A/R0MB+wdiDIfXmga+o9ep7sy083cE/Z6xKL7RNoCqoXc
> =aPzr
> -----END PGP SIGNATURE-----
>


-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

More information about the samba mailing list