[Samba] Unable to transfer ForestDns/DomainDNS

Jason Waters jason at geeknocity.com
Thu Jun 23 19:37:18 UTC 2016 

You said, "From what you posted earlier, the domain already points to the
new DC, you just need to get the DNS fsmo roles."

how so?  The fsmo show, shows PDC, which is the old DC.  DC01 is the new
one.  Or am I missing something else?

As far as keeping it online I will just move everything I can and then
seize and shut it down.  I can turn off the networking to it since it is a
VM and still see some things. Won't the new DC's(DC01,DC02) still
have replication information about PDC though?  the seize command wouldn't
adjust that?



On Thu, Jun 23, 2016 at 3:28 PM, Rowland penny <rpenny at samba.org> wrote:

> On 23/06/16 19:53, Jason Waters wrote:
>
>> This is the output of that command.
>>
>> root at DC01:~# ldbsearch --cross-ncs -H ldap://pdc -b
>> "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator
>> Password for [FISHERTHOMPSON\administrator]:
>> search error - LDAP error 10 LDAP_REFERRAL -  <0000202B: RefErr:
>> DSID-0310063C, data 0, 1 access points
>>         ref 1: 'DomainDnsZones.fisherthompson.local'
>> >
>> <ldap://DomainDnsZones.fisherthompson.local/DC=DomainDnsZones,DC=fisherthompson,DC=local>
>> root at DC01:~#
>>
>>
>> wouldn't dcpromo take it out of the active directory?
>>
>
> I haven't a clue :-)
> I have never used dcpromo, but from my dealings with microsoft, dcpromo
> probably is another name for dcdelete :-D
>
> And then seizing it would have the domain point to the new DC?
>>
>
> From what you posted earlier, the domain already points to the new DC, you
> just need to get the DNS fsmo roles.
>
>   I have some printers and things like that that I would really like time
>> to transfer.
>>
>
> See here for printer setup:
> https://wiki.samba.org/index.php/Print_server_support
>
> and here for shares:
> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>
> But if I can't I can't....Or maybe even block with iptables any traffic
>> from PDC to DC01 or DC02?
>>
>
> The problem with the old DC, is not so much the old DC, but with what is
> in AD, if you can be sure that all references to the old DC being in charge
> of anything is removed, then you probably can still use it, but there is
> the problem of lack of DNS info in the old DCs AD.
>
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list