[Samba] Transfer of FSMO Roles

Allen Chen achen at harbourfrontcentre.com
Thu Nov 20 11:58:41 MST 2014

On 11/20/2014 1:24 PM, Donaldson Jeff wrote:
> Good Afternoon,
> I've been working towards decommissioning my current PDC and moving Primary Master to a newly built DC. I was able to successfully transfer each of the five FSMO roles (without seizing) to the new server. I can run samba-tool fsmo show on each of my servers and they all return the new DC with each of the five roles. My question is... shouldn't transferring of the DomainNamingMasterRole affect the (SOA) and (NS) settings in DNS automatically? They are still set to the old server, and if I look in the DomainDnsZones and ForestDnsZones in DNS Manager, they both still show records for the old server. Furthermore, trying to run samba-tool domain demote -Uadministrator on the old server returned that it still owned two roles. It is my understanding that this is a bug and that the old PDC should be pulled out of the domain as if it were an orphan. If that is the case, then how do I go about correcting DNS before I do that? Any help is appreciated. Thanks!
> Regards,
> Jeff
I ended up with the same problems in my test environment.
What I tested is: remove a samba4 AD DC from the network by unplugging
its network cable,
and then seize fsmo from another AD DC. Everything is fine, but the SOA
still stays the same (the disconnected AD DC).
This causes messages in the log.samba file saying it cannot find the
disconnected AD DC.
I followed the steps to remove a dead AD DC with ADUC, dnsmgmt.msc and 
but the SOA record still stays there and the messages still show up in 
the log.
Finally I fixed it by modifying the SOA (with dnsmgmt) to a newly added AD DC,
but it is not easy. The first couple of times, it doesn't allow me to
modify the SOA.
And now the "dead" AD DC is removed and there are no messages in the log.


