[Samba] best practice for migrating win-dc to samba-dc

d tbsky tbskyd at gmail.com
Tue May 8 10:23:40 UTC 2018 

Hi:
     I want to test migrating windows dc to samba dc (without
considering sysvol replication).
     I installed brand new 2003R2, 2008R2, 2012R2 (with 2008R2
functional level).
     I compiled samba 4.7.7, 4.8.1 at  centos 7.4.

   1.  I tried to join samba as DC to windows with command:

     samba-tool  domain join  samdom.example.com DC
-U"SAMDOM\administrator" --dns-backend=SAMBA_INTERNAL

      4.7/4.8 to all windows version above success.

   2.   I tried to demote windows DC. "dcpromo" or similar gui from
windows failed. so I try to transfer role to samba with command:

     samba-tool fsmo  transfer --role=all -U Administrator

     the command need to type several times since it will hang.
however, 'domaindns' and 'forestdns' roles transfer never success.
under 2003R2/2008R2 it gave the same error again and again. under
2012R2 it finally said nobody owns the role after several times.

   3. "dcpromo" at windows still failed at windows under current
situation. so I can only seize the two dns roles with command:

      samba-tool fsmo  seize --role=all -U Administrator

       now samba has all 7 fsmo roles.

    4. "dcpromo" still failed at windows. so I can only shutdown
windows and force delete it with command:

      samba-tool domain demote --remove-other-dead-server=WIN-DC

       2003R2/2008 R2 success. the windows DC is destroyed. so I think
the migration completed.

        but I can not make the final step work for 2012R2. the result below:

Removing nTDSConnection:
CN=da85789a-f8d0-4c3b-aa0a-4a0c3182a916,CN=NTDS
Settings,CN=SAMBA-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
Removing nTDSDSA: CN=NTDS
Settings,CN=WIN-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com(and
any children)
ERROR(ldb): uncaught exception - subtree_delete: Unable to delete a
non-leaf node (it has 1 children)!
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 730, in run
    remove_dc.remove_dc(samdb, logger, remove_other_dead_server)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/remove_dc.py",
line 423, in remove_dc
    remove_dns_account=True)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/remove_dc.py",
line 351, in offline_remove_ntds_dc
    remove_dns_account=remove_dns_account)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/remove_dc.py",
line 230, in offline_remove_server
    samdb.delete(server_dn)
A transaction is still active in ldb context [0x1f72f50] on
tdb:///usr/local/samba/private/sam.ldb


    any hint to resolve the error?

Regards,
tbskyd

More information about the samba mailing list