[Samba] Transferring FSMO Roles to Server 2008 R2 DC

Kelvin Yip kelvin at icshk.com
Mon Nov 7 02:47:53 UTC 2016


Hi,

Would you mind telling me which version of Samba you are using to transfer the FSMO roles?
Seems I cannot transfer using Samba 4.5.1.
Thanks.

Best,
Kelvin Yip

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Thomas Maerz via samba
Sent: Wednesday, October 19, 2016 1:00 AM
To: samba <samba at lists.samba.org>
Subject: [Samba] Transferring FSMO Roles to Server 2008 R2 DC

Hello,

As far as I know, there is no Wiki article for transferring FSMO Roles to Server 2008 R2 DC. This article’s focus is on joining a Server 2012 DC to a Samba4 domain, but it touches on the subject: https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD

I would like to suggest a new wiki page be made for transferring FSMO Roles to Server 2008/2008 R2 DC specifically and have some notes to add to what is present in the 2012 joining page.

1. RE: The SysVol replication section: Robocopy based sysvol replication appears to only be for Samba4 -> Windows DC SysVol Replication, so I don’t think it is applicable if the FSMO is a Windows DC
2. RE: The SysVol Share section: The SysVol share doesn’t exist upon successful join of 2008/R2 DC, but the netlogon share also does not exist and this is not addressed in the article
3. RE: FSMO Roles section: This section references Transferring and seizing FSMO_Roles wiki article, which points to https://support.microsoft.com/en-us/kb/324801 to do this the MS way. This only addresses the first 5 roles shown in samba-tool fsmo show. In order to move DomainDnsZonesMasterRole and ForestDnsZonesMasterRole, the following steps are necessary:

To transfer the infrastructure master for application partitions:
Open ADSIEdit. Connect to the server you want to transfer the roles to (it is important, otherwise you'll get an error).
 
For domain DNS zones:
Connect to DC=DomainDnsZones,DC=yourdomain,DC=tld
Open the properties of the object CN=Infrastructure,DC=DomainDnsZones,DC=yourdomain,DC=tld
Change the attribute fSMORoleOwner to CN=NTDSSettings,CN=Name_of_DC,CN=Servers,CN=DRSite,CN=Sites,CN=Configuration,DC=Yourdomain,DC=TLD
For forest DNS zones:
Connect to DC=ForestDnsZones,DC=yourdomain,DC=tld and do the same.
Same for any other application partitions if they exist.

Source: https://social.technet.microsoft.com/Forums/windowsserver/en-US/b77a7e5c-590e-4d23-a9cb-8c4c0f403baf/forestdnszones-and-domaindnszones-have-wrong-infrastructure-role-record?forum=winserverDS

I have tested this process and it works to get all FSMO roles transferred to Windows Server 2008R2 DC.

Thomas Maerz
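
A check for the end state described above, as an added example that is not part of the original message or of Samba: it parses `samba-tool fsmo show` output and lists every role not yet owned by the target DC, including the two DNS zone roles that the KB 324801 steps leave behind. The sample output (including the five role names not quoted in the post), the DC names SAMBADC1 and WIN2008DC, and the helper names are constructed for illustration.

```python
import re

# Application-partition roles named in the post; KB 324801 does not move these.
DNS_ROLES = ("DomainDnsZonesMasterRole", "ForestDnsZonesMasterRole")

LINE = re.compile(r"^(\w+Role) owner:\s*(.+?)\s*$")
# Accepts "NTDS Settings" as well as the "NTDSSettings" spelling used in the post.
OWNER = re.compile(r"^CN=NTDS ?Settings,CN=([^,]+),CN=Servers,", re.I)


def role_owners(fsmo_show_output):
    """Map role name -> owning DC name (None if the DN has an unexpected shape)."""
    owners = {}
    for line in fsmo_show_output.splitlines():
        m = LINE.match(line.strip())
        if m:
            dn = OWNER.match(m.group(2))
            owners[m.group(1)] = dn.group(1) if dn else None
    return owners


def roles_not_on(fsmo_show_output, target_dc):
    """Return {role: current owner} for every role not held by target_dc.

    A DNS zone role missing from the output is reported as "not listed"
    rather than assumed to have been transferred.
    """
    owners = role_owners(fsmo_show_output)
    for role in DNS_ROLES:
        owners.setdefault(role, "not listed")
    return {r: o for r, o in owners.items()
            if o is None or o.lower() != target_dc.lower()}


# Constructed sample: state after the KB 324801 steps, before the ADSIEdit change.
_SITE = "CN=Servers,CN=DRSite,CN=Sites,CN=Configuration,DC=yourdomain,DC=tld"
SAMPLE = "\n".join(
    f"{role} owner: CN=NTDS Settings,CN={dc},{_SITE}"
    for role, dc in [
        ("SchemaMasterRole", "WIN2008DC"), ("InfrastructureMasterRole", "WIN2008DC"),
        ("RidAllocationMasterRole", "WIN2008DC"), ("PdcEmulationMasterRole", "WIN2008DC"),
        ("DomainNamingMasterRole", "WIN2008DC"),
        ("DomainDnsZonesMasterRole", "SAMBADC1"), ("ForestDnsZonesMasterRole", "SAMBADC1"),
    ]
)

if __name__ == "__main__":
    for role, owner in roles_not_on(SAMPLE, "WIN2008DC").items():
        print(f"{role}: still owned by {owner}")
```

An empty result from `roles_not_on` means every listed role, including both DNS zone roles, is held by the target DC.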