[Samba] Failed Xfer of domain and forest fsmo
rpenny at samba.org
Fri Jul 19 20:23:26 UTC 2019
On 19/07/2019 21:14, Robert A Wooldridge via samba wrote:
> On 07/19/2019 03:08 PM, Rowland penny via samba wrote:
>> On 19/07/2019 20:41, Robert A Wooldridge via samba wrote:
>>> I have transferred all fsmo's except domain and forest. When I
>>> attempt either one of these I get this error:
>>> samba-tool fsmo transfer --role=forestdns
>>> ERROR: Failed to delete role 'forestdns': LDAP error 50
>>> LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: SecErr: DSID-03151D80,
>>> problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
>>> > <>
>>> Any ideas on how to overcome this?
>> If you run: samba-tool fsmo transfer --help
>> Amongst the output is this:
>> --role=ROLE The FSMO role to seize or transfer.
> The role I specified is forestdns.
>> above You must provide an Admin
>> user and password.
> After I provided the user and password, it failed but when I queried
> for role assignments it says the forestdns is unassigned. So I did a
> seize and this worked. Do I have to shutdown the DC that was the
> primary before?
No, it is just a setting, as long as only one DC holds a particular FSMO
role, you shouldn't have a problem.
I must fix that code, it should check if an admin user and password is
supplied if you are transferring all the roles or just the
domaindns/forestdns roles and exit if they are not supplied.
More information about the samba