[Samba] Unable to transfer ForestDns/DomainDNS

[Jason Waters]

This is the output of that command.

root at DC01:~# ldbsearch --cross-ncs -H ldap://pdc -b
"DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator
Password for [FISHERTHOMPSON\administrator]:
search error - LDAP error 10 LDAP_REFERRAL -  <0000202B: RefErr:
DSID-0310063C, data 0, 1 access points
        ref 1: 'DomainDnsZones.fisherthompson.local'
>
<ldap://DomainDnsZones.fisherthompson.local/DC=DomainDnsZones,DC=fisherthompson,DC=local>
root at DC01:~#


wouldn't dcpromo take it out of the active directory? And then seizing it
would have the domain point to the new DC?  I have some printers and things
like that that I would really like time to transfer.  But if I can't I
can't....Or maybe even block with iptables any traffic from PDC to DC01 or
DC02?

On Thu, Jun 23, 2016 at 2:45 PM, Rowland penny <rpenny at samba.org> wrote:

> On 23/06/16 19:26, Jason Waters wrote:
>
>> The built in DNS, sorry if that sounded like it was special!  So do I
>> just seize it then?  And do I do that before or after dcpromo?  Thanks for
>> the help.
>>
>> Jason
>>
>>
> I think you are going to have to, but I would try a further slight test
> first. run this:
>
> ldbsearch --cross-ncs -H ldap://pdc -b
> "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator
>
> This should display all your DNS records
>
> Just double check that they don't exist.
>
> If you then go on to seize the roles, use the '--force' option with
> 'samba-tool fsmo seize' , this will bypass trying to transfer the role
> first.
>
> I would transfer anything on the windows DC that you may need, then turn
> it off. You should then be able to seize the roles. Do not bring the old DC
> back on line unless you stop the DC software from starting, I would also
> change its hostname and if possible, its ipaddress.
>
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>