[Samba] Transfer of FSMO Roles
Allen Chen
achen at harbourfrontcentre.com
Thu Nov 20 12:07:38 MST 2014
On 11/20/2014 1:58 PM, Allen Chen wrote:
> On 11/20/2014 1:24 PM, Donaldson Jeff wrote:
>> Good Afternoon,
>>
>>
>> I've been working towards decommissioning my current PDC and moving
>> Primary Master to a newly built DC. I was able to successfully
>> transfer each of the five FSMO roles (without seizing) to the new
>> server. I can run samba-tool fsmo show on each of my servers and they
>> all return the new DC with each of the five roles. My question
>> is...shouldn't transferring of the DomainNamingMasterRole affect the
>> (SOA) and (NS) settings in DNS automatically? They are still set to
>> the old server, and if I look in the DomainDnsZones and
>> ForestDnsZones in DNS Manager, they both still show records for the
>> old server. Furthermore, trying to run samba-tool domain demote
>> -Uadministrator on the old server returned that it still owned two
>> roles. It is my understanding that this is a bug and that the old PDC
>> should be pulled out of the domain as if it were an orphan. If that
>> is the case, then how do I go about correcting DNS before I do that?
>> Any help is appreciated. Thanks!
>>
>>
>> Regards,
>>
>> Jeff
>>
> I ended up with the same problems in my test environment.
> What I tested is: remove a samba4 AD DC from the network by unplugging
> its network cable,
> and then seize fsmo from another AD DC, everything is fine, but SOA
> still stays the same (the disconnected AD DC).
> This causes messages in the log.samba file saying it cannot find the
> disconnected AD DC.
> I followed the steps to remove a dead AD DC with ADUC, dnsmgmt.msc and
> Sites/Services,
> but the SOA record still stays there and the messages still show up in
> the log.
> Finally I fixed it by modifying SOA (with dnsmgmt) to a newly added AD
> DC, but it is not easy. The first couple of times, it doesn't allow
> me to modify the SOA.
> And now the "dead" AD DC is removed and no messages in the log.
>
> Allen
>
One last step I forgot to mention: I did reboot all AD DCs (restart the
machines).
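
An added example (not part of the original messages, and not Samba project code): a check to run before demoting the old DC that flags any FSMO role, SOA primary server or NS record still naming it. It assumes the usual `samba-tool fsmo show` line format and `dig +short` SOA/NS output; the hostnames and sample text are constructed.

```python
import re

# Constructed sample inputs (not from the thread); all names are placeholders.
_SUFFIX = (",CN=Servers,CN=Default-First-Site-Name,CN=Sites,"
           "CN=Configuration,DC=samdom,DC=example,DC=com")
_ROLES = ("SchemaMasterRole", "InfrastructureMasterRole", "RidAllocationMasterRole",
          "PdcEmulationMasterRole", "DomainNamingMasterRole")
# Assumed shape of `samba-tool fsmo show` output: all five roles moved to DC2.
FSMO_SHOW = "\n".join(f"{r} owner: CN=NTDS Settings,CN=DC2{_SUFFIX}" for r in _ROLES)
# Assumed shape of `dig +short SOA <zone>` and `dig +short NS <zone>` output.
SOA_SHORT = "dc1.samdom.example.com. hostmaster.samdom.example.com. 58 900 600 86400 3600"
NS_SHORT = "dc1.samdom.example.com.\ndc2.samdom.example.com.\n"


def role_owners(fsmo_text):
    """Map each FSMO role to the short name of the DC that owns it."""
    pat = re.compile(r"^(\w+) owner: CN=NTDS Settings,CN=([^,]+),", re.M)
    return {role: dc.lower() for role, dc in pat.findall(fsmo_text)}


def short_host(fqdn):
    """'dc1.samdom.example.com.' -> 'dc1'"""
    return fqdn.rstrip(".").split(".")[0].lower()


def stale_refs(fsmo_text, soa_short, ns_short, retired):
    """List everything that still points at the DC being retired."""
    retired = retired.lower()
    findings = []
    for role, dc in sorted(role_owners(fsmo_text).items()):
        if dc == retired:
            findings.append(f"{role} still owned by {retired}")
    mname = soa_short.split()[0]  # first SOA field is the primary server
    if short_host(mname) == retired:
        findings.append(f"SOA MNAME still {mname}")
    for ns in ns_short.split():
        if short_host(ns) == retired:
            findings.append(f"NS record still lists {ns}")
    return findings


if __name__ == "__main__":
    # Roles are on DC2, yet DNS still names DC1: the situation in this thread.
    for line in stale_refs(FSMO_SHOW, SOA_SHORT, NS_SHORT, "DC1"):
        print(line)
```

An empty result means no role, SOA or NS entry in the supplied output references the retired DC.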