[Samba] Joining Windows 2008 Domain as DC fails 4.10 (and 4.11rc3)

Vincent Sherwood vsmaillist at gmail.com
Thu Sep 12 00:29:20 UTC 2019


Thanks for the suggestion.

To help anyone else who might run into this same issue and find this
thread, I will detail what I found.

After much searching I finally found an article on the web that talked
about how the Replication options for the Microsoft DNS server changed in
Windows 2003.  Since our DNS is around since Windows 2000, the data was
still stored in AD in the old Windows 2000 compatible location. The
samba-tool clearly does not handle this situation. It expects to find the
DNS data in the new Windows 2003 and later storage location.

The recommendation in the article was to have the
    _msdcs.mydomain.ext zone replicated to all DNS servers in this FOREST.
    mydomain.ext zone replicated to all DNS servers in this DOMAIN.

To change the storage location of the DNS storage to the location
samba-tool expects to find the data in, I did the following

Open the Microsoft DNS manager

Expand the existing master Domain Controller
Expand the Forward Lookup Zones folder
Right-click on the domain, mydomain.ext, and select Properties
On the General tab the DNS showed as
     Type: Active Directory-Integrated
     Replication: All domain controllers in this domain (for Windows 2000

I clicked on the Change... button beside Replication and selected the
   ( ) To all DNS servers running on domain controllers in this domain:

I clicked OK, and then clicked Apply on the Properties dialog to save the

I waited for the change to be replicated to the DNS server on the second
Windows DC, and then re-ran the samba-tool join command.

This time the samba-tool join succeeded.

Thanks for your help

On Wed, 11 Sep 2019 at 22:15, Rowland penny via samba <samba at lists.samba.org>

> > Join failed - cleaning up
> I think you need to upgrade your DNS in AD,
> 'DC=mydomain.ext,CN=MicrosoftDNS,CN=System' should be
> 'DC=mydomain.ext,CN=MicrosoftDNS,DC=DomainDnsZones'
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list