[Samba] Demoting a DC

Thomas Schulz schulz at adi.com
Wed Apr 13 15:55:17 UTC 2016

>From a discussion on samba technical about the inability to have Samba
work as a DC when the original DC is a Windows Server 2000 machine.

> > as Andrew asked you previously, the main question is : do you have some 
> > specific requirements for keeping a DC on that computer (eg. Exchange or 
> > whatever)?
> > 
> > If you don't need to keep the DC role on that computer, the best path 
> > would be for you to
> > * join up a temporary win2k3 DC,
> > * demote the win2k DC to member server
> > * clean up the DNS zone as per 
> > https://support.microsoft.com/en-us/kb/817470
> > * upgrade domain/forest level to 2k3
> > * join a Samba4 DC
> > * demote the win2k3 DC
> > * clean up all the leftover dns entries / ntdsdsa / computers objects
> > 
> > I've done it a few times. That way you keep you custom applications on 
> > your win2k machine, and get a shiny brand new samba4 AD domain. However, 
> > if you have a requierement for having DC role on that specific machine...
> > 
> > Cheers,
> > 
> > Denis
> > -- 
> > Denis Cardon
> Thank you for the details. I will save this information as we may have
> to do this some day.
> We are not running exchange or any such thing.  The only reason for
> keeping the DC role on that computer is that it is the only Windows
> server that we have and it seems that moving the DC role directly to
> Samba is not going to work.
> Awhile back I started to look into buying a copy of win2k3 but got bogged
> down in the requirement to separately get enough licenses to cover the
> number of client machines to receive services from a win2k3 server.
> We have almost 100 desktop and laptop machines using the Windows 2000
> Server as a DC.
> Tom Schulz

In another eamil it was pointed out that the win2k3 system would only
be needed for a short time after hours as an intermediate step. So there
should be no need for a lot of client licenses.

Now for the question. If I demote the original DC in a two DC setup will
the FSMO roles automatically transfer or do I need to manually seize
them before demoting the the original DC?

Tom Schulz
Applied Dynamics Intl.
schulz at adi.com

More information about the samba mailing list