[Samba] how to remove an (offline) DC from Samba 4 ?

Andrew Bartlett abartlet at samba.org
Tue Feb 18 17:47:58 MST 2014

On Mon, 2014-02-17 at 21:29 +0100, Bram Matthys wrote:
> Hi Denis,
> Denis Cardon wrote, on 17-2-2014 19:14:
> >> What would be the recommended way to remove an old offline DC from Samba4?
> >>
> >> I searched in samba-tool for a way to do this, but didn't find any.
> >> Tried using the Windows tools to manage AD Users & Computers -> Domain
> >> Controllers -> The DC & then hit delete, however this gives an error 'cannot
> >> find specified module'.
> >> On https://wiki.samba.org/index.php/Samba4/DRS_TODO_List I read this is
> >> likely a known issue:
> >> "Fix DsRemoveDSServer
> >>
> >> Removing a DC from the Domain Controllers container when using windows
> >> user/group admin tool against a s4 DC fails with "bad stub data". It
> >> generated a fault on the wire. "
> >>
> >> Given that both samba-tool and using the ADUC tools are a dead end, what
> >> should I do?
> >>
> >> Should I start messing with ldbedit/ldbdel? I'm worried to mess up things,
> >> especially dead references to the old DC. Or is this the way to go.
> > 
> > You can actually get stuck in a similar situation with MSAD. There is a web
> > page on Microsoft about that http://support.microsoft.com/kb/216498 . I had
> > once to dig into that with a dead DC that wouldn't leave my win2k DC alone.
> > 
> > I'd advise you to use ApacheDirectoryStudio instead of adsiedit to remove
> > the old entries from your AD, it is much more user friendly. Be sure to have
> > a good backup before fiddling with your LDAP entries!
> Thanks. So indeed, little choice but to fiddle with LDAP or the DB directly.
> I ended up running ldbedit on:
> /usr/local/samba/private/sam.ldb.d/DC=COMPANY,DC=NET.ldb
> /usr/local/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=COMPANY,DC=NET.ldb
> etc..

We realise this is a difficult problem for you and other users, but
NEVER, EVER do that.

Editing the raw database will cause corruption (because the indices are
not correctly loaded), particularly when combined with DRS replication
(because objects deleted that way will never become deleted objects). 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
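
The replication point in the reply above, as an added illustration that is not Samba code and not part of the thread: a toy two-DC model in which a delete made through the directory layer leaves a tombstone that replicates, while removing the record from the backing store leaves nothing for the partner to pull. The class, method names and USN bookkeeping are simplifying assumptions, and the DN is constructed.

```python
# Toy model (assumption): every change is stamped with a local update sequence
# number (USN); a partner pulls only records above the high-water mark it saw.
OLD_DC = "CN=OLDDC,OU=Domain Controllers,DC=example,DC=test"  # constructed DN

class DC:
    def __init__(self, name):
        self.name = name
        self.usn = 0       # highest local USN
        self.records = {}  # dn -> {"usn": int, "deleted": bool}
        self.seen = {}     # partner name -> high-water mark already pulled

    def _stamp(self, dn, deleted):
        self.usn += 1
        self.records[dn] = {"usn": self.usn, "deleted": deleted}

    def add(self, dn):
        self._stamp(dn, deleted=False)

    def delete(self, dn):
        # Through the directory layer: the record stays, marked as a tombstone.
        self._stamp(dn, deleted=True)

    def raw_delete(self, dn):
        # Directly in the backing store: record vanishes, no USN is consumed.
        del self.records[dn]

    def pull_from(self, src):
        # Apply every source record newer than the stored high-water mark.
        hwm = self.seen.get(src.name, 0)
        changed = sorted(dn for dn, r in src.records.items() if r["usn"] > hwm)
        for dn in changed:
            self._stamp(dn, src.records[dn]["deleted"])
        self.seen[src.name] = src.usn
        return changed

    def live(self):
        return sorted(dn for dn, r in self.records.items() if not r["deleted"])

def scenario(raw):
    a, b = DC("dc-a"), DC("dc-b")
    a.add(OLD_DC)
    b.pull_from(a)                        # both DCs now hold the object
    (a.raw_delete if raw else a.delete)(OLD_DC)
    applied = b.pull_from(a)              # what the partner learns afterwards
    return applied, a.live(), b.live()

if __name__ == "__main__":
    print("directory delete:", scenario(raw=False))
    print("raw store delete:", scenario(raw=True))
```

In the raw case the partner applies nothing and keeps the object live, which is the divergence the reply warns about.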
