[Samba] Demoted/removed a DC, and the NS records?

Denis Cardon dcardon at tranquil.it
Fri Feb 15 13:15:31 UTC 2019


Hi Marco,

> Following:
> 	https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
>
> I've demoted and removed a DC. Seems all went as expected:
>
>  root@vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it  -U gaio
>  Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion
>  Password for [LNFFVG\gaio]:
>  Deactivating inbound replication
>  Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize from us
>  Changing userControl and container
>  Removing Sysvol reference: CN=VDCUD1,CN=Enterprise,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
>  Removing Sysvol reference: CN=VDCUD1,CN=ad.fvg.lnf.it,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
>  Removing Sysvol reference: CN=VDCUD1,CN=Domain System Volumes (SYSVOL share),CN=File Replication Service,CN=System,DC=ad,DC=fvg,DC=lnf,DC=it
>  Removing Sysvol reference: CN=VDCUD1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=ad,DC=fvg,DC=lnf,DC=it
>  Demote successful

What version of Samba are you running? Recent versions do a much better 
job at DNS cleaning during demote.

I also advise you to run the demote on another DC than the one you are 
demoting (samba-tool domain demote --remove-other-dead-server=xxxxx). 
Running a demote on the server you are demoting feels awkward as it 
looks like you are sawing the branch you are sitting on.

Cheers,

Denis

>
> Following the wiki, now I'm cleaning the DNS, because still:
>
>  gaio@hermione:~$ dig ns ad.fvg.lnf.it @vdcsv1
>
>  ; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> ns ad.fvg.lnf.it @vdcsv1
>  ;; global options: +cmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29592
>  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1
>
>  ;; OPT PSEUDOSECTION:
>  ; EDNS: version: 0, flags:; udp: 4096
>  ;; QUESTION SECTION:
>  ;ad.fvg.lnf.it.			IN	NS
>
>  ;; ANSWER SECTION:
>  ad.fvg.lnf.it.		900	IN	NS	vdcsv2.ad.fvg.lnf.it.
>  ad.fvg.lnf.it.		900	IN	NS	vdcud1.ad.fvg.lnf.it.
>  ad.fvg.lnf.it.		900	IN	NS	vdcpp1.ad.fvg.lnf.it.
>  ad.fvg.lnf.it.		900	IN	NS	vdctms1.ad.fvg.lnf.it.
>  ad.fvg.lnf.it.		900	IN	NS	vdcpp2.ad.fvg.lnf.it.
>  ad.fvg.lnf.it.		900	IN	NS	vdc3t1.ad.fvg.lnf.it.
>  ad.fvg.lnf.it.		900	IN	NS	vdcsv1.ad.fvg.lnf.it.
>
>  ;; Query time: 0 msec
>  ;; SERVER: 10.5.1.25#53(10.5.1.25)
>  ;; WHEN: Fri Feb 15 12:05:24 CET 2019
>  ;; MSG SIZE  rcvd: 190
>
> I've removed some entries (mostly, the GUID alias), but seems there's no
> way to remove the NS record (right clicking it, there's no 'remove').
>
> I need to click 'properties' and on the 'name server' tab, remove here?
>
>
> Thanks.
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil.it

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
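
A check for the leftover NS records discussed in this thread, added here as an example that is not part of the original messages or of Samba itself. It reads `dig ns` output and prints every apex NS target that is not in a list of live DCs; the names `stale_ns`, `sample_dig_answer` and `LIVE_DCS` are hypothetical, the sample is constructed from the answer section quoted above, and the live list assumes the six other servers are still DCs.

```shell
#!/bin/sh
# Added example: list NS targets at the zone apex that are not live DCs.
# stale_ns, sample_dig_answer and LIVE_DCS are hypothetical names.

# Assumption: the six servers other than the demoted vdcud1 are still DCs.
LIVE_DCS="vdcsv1.ad.fvg.lnf.it vdcsv2.ad.fvg.lnf.it vdcpp1.ad.fvg.lnf.it"
LIVE_DCS="$LIVE_DCS vdcpp2.ad.fvg.lnf.it vdctms1.ad.fvg.lnf.it vdc3t1.ad.fvg.lnf.it"

# Usage: dig ns ZONE @SERVER | stale_ns ZONE live-dc-fqdn...
stale_ns() {
    zone=$1; shift
    awk -v zone="$zone" -v live="$*" '
        BEGIN {
            # Normalise names: lower case, no trailing dot.
            zone = tolower(zone); sub(/\.$/, "", zone)
            n = split(tolower(live), a, " ")
            for (i = 1; i <= n; i++) { sub(/\.$/, "", a[i]); ok[a[i]] = 1 }
        }
        /^;/ || NF < 5 { next }   # dig comments, question line, blank lines
        {
            owner = tolower($1);  sub(/\.$/, "", owner)
            target = tolower($5); sub(/\.$/, "", target)
            if (owner == zone && $3 == "IN" && $4 == "NS" && !(target in ok))
                print target
        }'
}

# Constructed sample: the dig answer quoted in the thread, trimmed.
sample_dig_answer() {
cat <<'EOF'
;; QUESTION SECTION:
;ad.fvg.lnf.it.            IN  NS

;; ANSWER SECTION:
ad.fvg.lnf.it.      900 IN  NS  vdcsv2.ad.fvg.lnf.it.
ad.fvg.lnf.it.      900 IN  NS  vdcud1.ad.fvg.lnf.it.
ad.fvg.lnf.it.      900 IN  NS  vdcpp1.ad.fvg.lnf.it.
ad.fvg.lnf.it.      900 IN  NS  vdctms1.ad.fvg.lnf.it.
ad.fvg.lnf.it.      900 IN  NS  vdcpp2.ad.fvg.lnf.it.
ad.fvg.lnf.it.      900 IN  NS  vdc3t1.ad.fvg.lnf.it.
ad.fvg.lnf.it.      900 IN  NS  vdcsv1.ad.fvg.lnf.it.
EOF
}

# Leave $LIVE_DCS unquoted so each FQDN becomes its own argument.
sample_dig_answer | stale_ns ad.fvg.lnf.it $LIVE_DCS
```

Run against each remaining DC in turn (`dig ns ZONE @dc | stale_ns ZONE ...`), since a record can linger on one server until replication catches up.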
