[Samba] samba4 replication issues | sam.ldb inconsistency
abartlet at samba.org
Fri Jul 11 04:54:01 MDT 2014
On Fri, 2014-07-11 at 12:34 +0200, mourik jan heupink - merit wrote:
> Hi Andrew, list,
> > This is a difficult situation. Ideally you would get the 'good' DC to
> > replicate to a new installation, and work from there.
> > Andrew Bartlett
> Ok, this is what I thought, yes. Thank you, Andrew. Just some final
> All fsmo roles are currently on my DC1 (with the corrupt DomainDnsZones
> database). I'm a bit hesitant to start moving around roles, as long as
> everything still seems to work. But, as far as I see, there are three
> options to proceed from here:
> option 1 - move only the DomainNamingMasterRole from (corrupt) DC1 to
> (probably healthy) DC2. Then install/add a new DC3, and then it will
> replicate everything from DC1, except it will take the DomainDnsZones
> from DC2, is that right?)
> (but I don't know if DC=DomainDnsZones and the role
> DomainNamingMasterRole are connected with each other like this)
> option 2 - take a deep breath, move all roles to DC2, hope & check
> everything still works afterwards, and then install/add DC3, so it will
> replicate everything from DC2.
> And I guess this is NOT possible:
> option 3 - Install a new third DC3, and replicate that new DC3 with my
> (probably healthy) DC2, WITHOUT doing scary things like transferring
> fsmo roles first?
There is no need to move roles in the short term. They don't do
anything until you need to allocate a new RID pool. By then, hopefully
you can successfully seize them.
I think option 3 is the best option. Get that working, as you don't
loose anything by taking this option.
We don't have great tools for removing dead DCs yet (we have tools that
*should* do that, but clearly by reports do not). We need to sort that
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba