[Samba] Demoting a DC

Rowland penny rpenny at samba.org
Wed Apr 13 16:21:59 UTC 2016

On 13/04/16 16:55, Thomas Schulz wrote:
>  From a discussion on samba technical about the inability to have Samba
> work as a DC when the original DC is a Windows Server 2000 machine.
>>> as Andrew asked you previously, the main question is : do you have some
>>> specific requirements for keeping a DC on that computer (eg. Exchange or
>>> whatever)?
>>> If you don't need to keep the DC role on that computer, the best path
>>> would be for you to
>>> * join up a temporary win2k3 DC,
>>> * demote the win2k DC to member server
>>> * clean up the DNS zone as per
>>> https://support.microsoft.com/en-us/kb/817470
>>> * upgrade domain/forest level to 2k3
>>> * join a Samba4 DC
>>> * demote the win2k3 DC
>>> * clean up all the leftover dns entries / ntdsdsa / computers objects
>>> I've done it a few times. That way you keep your custom applications on
>>> your win2k machine, and get a shiny brand new samba4 AD domain. However,
>>> if you have a requirement for having DC role on that specific machine...
>>> Cheers,
>>> Denis
>>> -- 
>>> Denis Cardon
>> Thank you for the details. I will save this information as we may have
>> to do this some day.
>> We are not running Exchange or any such thing. The only reason for
>> keeping the DC role on that computer is that it is the only Windows
>> server that we have and it seems that moving the DC role directly to
>> Samba is not going to work.
>> A while back I started to look into buying a copy of win2k3 but got bogged
>> down in the requirement to separately get enough licenses to cover the
>> number of client machines to receive services from a win2k3 server.
>> We have almost 100 desktop and laptop machines using the Windows 2000
>> Server as a DC.
>> Tom Schulz
> In another email it was pointed out that the win2k3 system would only
> be needed for a short time after hours as an intermediate step. So there
> should be no need for a lot of client licenses.
> Now for the question. If I demote the original DC in a two DC setup will
> the FSMO roles automatically transfer or do I need to manually seize
> them before demoting the original DC?
> Tom Schulz
> Applied Dynamics Intl.
> schulz at adi.com

Well, if you use samba-tool to demote a DC, it will tell you if the DC
holds FSMO roles and exit, so probably Windows tools will do the same.
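
Added example, not part of the original thread and not Samba project code: a pre-demotion check that lists which FSMO roles a DC still owns, so they can be moved before the demote step. It assumes the `<Role> owner: CN=NTDS Settings,CN=<DC>,...` line layout printed by `samba-tool fsmo show`; the DC names `W2K3TEMP` and `SAMBADC1` and the domain `example.test` are constructed.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `samba-tool fsmo show`.
# W2K3TEMP, SAMBADC1 and example.test are made-up names.
sample_fsmo_show() {
    s='CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test'
    cat <<EOF
SchemaMasterRole owner: CN=NTDS Settings,CN=W2K3TEMP,$s
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SAMBADC1,$s
RidAllocationMasterRole owner: CN=NTDS Settings,CN=W2K3TEMP,$s
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=W2K3TEMP,$s
DomainNamingMasterRole owner: CN=NTDS Settings,CN=W2K3TEMP,$s
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SAMBADC1,$s
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SAMBADC1,$s
EOF
}

# roles_held_by DC: read fsmo-show text on stdin, print each role whose owner
# is exactly DC. The comparison is case-insensitive and matches the whole
# server name, so "W2K3" does not match "W2K3TEMP".
roles_held_by() {
    dc=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    awk -v dc="$dc" '
        / owner: / {
            role = $1
            owner = toupper($0)
            sub(/^.* OWNER: CN=NTDS SETTINGS,CN=/, "", owner)  # drop up to server CN
            sub(/,.*$/, "", owner)                             # drop rest of the DN
            if (owner == dc) print role
        }'
}

# safe_to_demote DC: return 0 only when DC owns no FSMO role in the input.
safe_to_demote() {
    held=$(roles_held_by "$1")
    if [ -n "$held" ]; then
        printf 'Do not demote %s yet, it still owns:\n%s\n' "$1" "$held" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample; on a live DC use: samba-tool fsmo show | safe_to_demote NAME
sample_fsmo_show | safe_to_demote W2K3TEMP || true
```

If roles are listed for the DC being retired, running `samba-tool fsmo transfer --role=all` on the DC that should take them over moves them while the old owner is still online.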

