[Samba] Demote Win2008R2 DC Fail

Jason Waters jason at geeknocity.com
Tue Jul 12 12:33:59 UTC 2016 

This is what I would do.

1. Make sure everything is off of the 2008 machine so you don't need to
turn it back on
2. Shut down the 2008 machine
2.5 Update your DNS on the samba machine to be the samba machine, not the
2008 DC
3. Test everything and make sure samba is fully working on your domain
4. Test everything again
5. Test!
6. Seize the roles on your samba machine, samba-tool fsmo seize --force
--role=all -Uadministrator
         I don't think you need the -U, but just in case
7. Reboot that machine and make sure everything looks good
8. make sure samba-tool fsmo show, shows all 7 roles of the samba machine
9. From a workstation, run the Metadata clean.vbs script.  This will remove
the replication to the now off 2008 DC
10. Reboot the samba box
11. run samba-tool drs showrepl and it shouldn't show any partners
12. Once that is done you should just have samba.  You can then add more
DC's with

samba-tool domain join domain.local DC -UAdministrator

and any other options you need.


On Tue, Jul 12, 2016 at 8:24 AM, Anderson Hoffmann do Carmo <
anderson.hoffmann at gsurfnet.com> wrote:

> I want to move all to SAMBA and remove Windows DC from AD (no mix)
>
>
> Anderson Hoffmann do Carmo
> MCP | MTA | MCDST | MCTS | MCSA | MS | MOS |
> ITIL-F | ISFS | CLOUDF | CI-SCS | VCA-DCV |
>
>
>
> 2016-07-12 9:19 GMT-03:00 Jason Waters <jason at geeknocity.com>:
>
>> Do you want to keep this 2008 machine in the mix?  Or are you looking to
>> move everything to samba?
>>
>> On Tue, Jul 12, 2016 at 8:14 AM, Rowland penny <rpenny at samba.org> wrote:
>>
>> > On 11/07/16 21:43, Rowland penny wrote:
>> >
>> >> On 11/07/16 21:38, Jason Waters wrote:
>> >>
>> >>> Didn't his second email show the output of fsmo show?  Which showed
>> all
>> >>> 7 roles.  But you are correct, making sure things are actually there
>> before
>> >>> he kills the old one is best!
>> >>>
>> >>> On Mon, Jul 11, 2016 at 4:13 PM, Rowland penny <rpenny at samba.org
>> >>> <mailto:rpenny at samba.org>> wrote:
>> >>>
>> >>>     On 11/07/16 21:06, Jason Waters wrote:
>> >>>
>> >>>         It did show that he had all 7 but that is a good point. I
>> >>>         would shutdown the 2008 server and make sure users can login,
>> >>>         etc....
>> >>>
>> >>>
>> >>>     I haven't seen the OP saying  that the Samba  DC is showing all
>> >>>     the 7 FSMO roles and I would like to know. I need to know what, if
>> >>>     anything, is different on an AD DC, DNS wise.
>> >>>
>> >>>     Rowland
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >> Rats, I sometimes hate Thunderbird, it was hidden by a 'show quoted
>> >> text', yes it does look like his Samba DC has all the FSMO roles,
>> provided
>> >> his Samba DC is called 'GTESTE2'
>> >>
>> >> Rowland
>> >>
>> >
>> > OK, I did a bit of googling and it seems that this is not just a Samba
>> > problem, see here:
>> >
>> >
>> >
>> https://social.technet.microsoft.com/Forums/scriptcenter/en-US/b1af276f-1a12-4a78-8ea3-f49ab04844ea/the-directory-service-is-missing-mandatory-configuration-information-and-is-unable-to-determine-the?forum=winserverDS
>> >
>> > Read right to the bottom, I think the answer is there.
>> >
>> > Rowland
>> >
>> >
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>> >
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>

More information about the samba mailing list