[Samba] messy replication

Rowland penny rpenny at samba.org
Thu Jul 18 11:33:35 UTC 2019

On 18/07/2019 12:17, Adam Weremczuk via samba wrote:
> On 18/07/19 11:42, Rowland penny via samba wrote:
>> Well, 'dns-dc2' is the user for Bind9 on dc2, so you shouldn't try to 
>> create it yourself.
>> Easiest way will be to remove all mention of the dead DC, then use 
>> 'samba_upgradedns' to upgrade to the internal dns server, then run it 
>> again to upgrade to Bind9 again, this will create the required user 
>> for you.
>> Rowland 
> I'm not sure if your advice applies.
> What I'm trying to achieve is to trick dc2 to forget about dc1 so I 
> can demote dc2.
> Dc1 is not dead, I want it live and well!
> I'm trying to kill dc2 and make dc1 also forget about it.
> Makes sense?
> The entire record ldbedit (on dc2) complains about:
> # record 4032
> dn: CN=dns-dc1,CN=Users,DC=example,DC=co,DC=uk
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: dns-dc1
> description: DNS Service Account for skippy
> instanceType: 4
> whenCreated: 20130810204304.0Z
> whenChanged: 20130810204304.0Z
> uSNCreated: 3228
> name: dns-dc1
> objectGUID: 5daf1211-78c3-45a0-a1c6-ec490451ef71
> userAccountControl: 512
> codePage: 0
> countryCode: 0
> pwdLastSet: 130206409840000000
> primaryGroupID: 513
> objectSid: S-1-5-21-156202952-582183142-927750060-1186
> accountExpires: 9223372036854775807
> sAMAccountName: dns-dc1
> sAMAccountType: 805306368
> servicePrincipalName: DNS/dc1.example.co.uk
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=co,DC
>  =uk
> isCriticalSystemObject: TRUE
> uSNChanged: 3372
> distinguishedName: CN=dns-dc1,CN=Users,DC=example,DC=co,DC=uk
> All I did was replace dc1 with dc2.
> I need to be careful with switching DNS etc.
> Both dc1 and dc2 currently own all FSMO roles and I already have some 
> problems because of that.
> Adam
I would clone the DC you want to keep, move the clone away from the domain 
(easiest way, unplug the ethernet), then remove the old dead DC from this 
and ensure it works. If you want to use Bind9 and don't have the 'dns-*' 
user, then run samba_upgradedns as I said earlier.

Once you are sure just what to do, turn off the DC you don't want and 
then carry out the clean up procedure you used on the clone. This should 
get you back to just one DC.

