[Samba] Getting DFSR working after Samba was demoted (using dfsrmig)

[Fabian Fritz]

Hi,

I have a Samba server with an NT4 domain and want to end up with a
Windows Server 2016-only Active Directory. As you've told me here
before, I need a WS 2008 R2 as an intermediary. So right now I'm
trying to get a healthy domain at the 2008 R2 domain level first. So
don't worry about the WS 2016 for now.

Most of it already works: I can do a classicmigrate to AD, then join
the WS2008 and afterwards get rid of all dcdiag errors. What I'm
having problems with though is getting the DFSR replication of SYSVOL
working. I am perfectly aware that Samba doesn't support FRS nor DFSR.
But is it at least possible to get it working after the Samba server
was demoted? Can it at least provide for the necessary LDAP objects?

I tried raising the domain level while I had the Samba server as the
only DC, and then joined the WS, transferred FSMO and then demoted
Samba. I even got FRS working by manually adding a few missing items
in the LDAP database (as described in
https://support.microsoft.com/en-us/help/312862/recovering-missing-frs-objects-and-frs-attributes-in-active-directory).
I checked and it does replicate to another WS DC.

What isn't working is using dfsrmig to get the WS to use DFSR.
Whenever I try that dfsrmig /GetGlobalState tells me that the status
is "Eliminated" even though I haven't even started it and dfsrmig
/GetMigrationState tells me that the WS has the status "Starting". I
also tried raising the domain level only after Samba was already
demoted. But as soon as I did that, again dfsrmig tells me the global
status is eliminated, so supposedly it's done, but it doesn't work.

Is there something I am missing? I've seen that Samba does delete some
FRS- and DFSR-related objects in LDAP when it demotes.

Thanks,
Fabian