[Samba] Replication not working for remote Domain Controller

shacky shacky83 at gmail.com
Wed Dec 18 09:56:32 UTC 2019


>
> I have been doing a bit of investigation and I 'think' we do have a tool
> ;-)
>

Gooooooooddd!! :-)


> If you examine 'samba_upgradedns', at the top it says this:
> # Upgrade DNS provision from BIND9_FLATFILE to BIND9_DLZ or SAMBA_INTERNAL
> I think if you use it to upgrade to either BIND_DLZ or SAMBA_INTERNAL,
> it should create the required AD objects.
>

I'm using BIND9_DLZ because Bind is running on my Zentyal PDCs and the DNS
service is disabled on Samba on every domain controller:

=====================
server services = -dns
=====================

> Is there any way that you could clone a DC and sandbox it (you will
> probably have to forcibly demote the other DCs) and then run
> samba_upgradedns against it ?
>

Yes, I can clone the dc1 virtual machine, remove it from the network, try
to upgrade the DNS, demote all other domain controllers, and then recheck
with ldbsearch.

Do you think that this could be the cause of the other two problems I reported
in my previous email?

I also checked the schema version and it seems to be Windows Server 2012R2:

=====================
root@dc1:/ (10:55:28)# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=my,dc=domain,dc=com' -s base objectVersion
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
# record 1
dn: CN=Schema,CN=Configuration,DC=my,DC=domain,DC=com
objectVersion: 47

# returned 1 records
# 1 entries
# 0 referrals
=====================

Thanks again!
Bye