[Samba] Demote a working DC fails with uncaught exception

Rowland Penny rpenny at samba.org
Sat Apr 2 09:03:11 UTC 2016


On 01/04/16 22:38, spindles7 wrote:
> Hi Rowland,
> Have tried your patch, and now the Demote succeeds:
>
> root@dc3:~# samba-tool domain demote -Uadministrator
> Using dc1.microlynx.com as partner server for the demotion
> Password for [MICROLYNX\administrator]:
> Deactivating inbound replication
> Asking partner server dc1.microlynx.com to synchronize from us
> Changing userControl and container
> Removing Sysvol reference: CN=DC3,CN=Enterprise,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=microlynx,DC=com
> Removing Sysvol reference: CN=DC3,CN=microlynx.com,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=microlynx,DC=com
> Removing Sysvol reference: CN=DC3,CN=Domain System Volumes (SYSVOL share),CN=File Replication Service,CN=System,DC=microlynx,DC=com
> Removing Sysvol reference: CN=DC3,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=microlynx,DC=com
> Demote successful
> root@dc3:~#
>
> but it leaves the demoted DC's DNS entries in place. So there's still something missing in the demote process.
>
> Thanks,
>
> spindles7
>
>

The patch has been pushed, so it is good to get proof that it works :-)

As for the DNS entries, not sure about this, perhaps another switch
'--removedns'. This way the entries would only be removed if the
machine wasn't coming back; some people may turn the machine into a
member server or similar.

There is another way of removing a DC from the domain: 'samba-tool
domain demote' now has a switch '--remove-other-dead-server'; this is
supposed to totally remove everything about a DC from AD, but this is
not without its problems. The main problem being the SOA record, which,
as standard, only contains the 'NS' & 'A' records of the first
provisioned DC; any subsequent DCs do not get added to the SOA (I did
propose a patch for this to happen, but it never got anywhere, even
though it is really needed). So if you remove the first DC with
'demote', you do not have an SOA.

Rowland
