[Samba] Replication only working one way
Peter Pollock
peter.pollock at kingschristian.org
Tue Jul 14 19:45:24 UTC 2020
I knew you were going to say that... but was really hoping you wouldn't!
I've never demoted a Samba DC before, is this the best guide, do you think?
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
Thank you so much for your help, by the way. I really appreciate it
On Tue, Jul 14, 2020 at 11:28 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 14/07/2020 19:07, Peter Pollock wrote:
> > Checking the databases against each other throws up pages and pages of
> > errors. The two are completely out of sync now.
> >
> > What I have seen is that for no apparent reason, one of the servers
> > suddenly decided it would sync with the Windows server, which appears
> > to have updated the schema. Yesterday when I compared the databases on
> > the two linux servers they only had a couple of errors, today, many
> > errors and now the schema says it is a different size:
> >
> > * Result for [CONFIGURATION]: FAILURE
> >
> > SUMMARY
> > ---------
> >
> > Attributes found only in ldap://genesis:
> >
> > dSASignature
> > serverReference
> >
> > Attributes with different values:
> >
> > msDS-NC-Replica-Locations
> > extraColumns
> > mS-DS-ReplicatesNCReason
> > adminPropertyPages
> > appliesTo
> > attributeDisplayNames
> > masteredBy
> > interSiteTopologyGenerator
> > adminContextMenu
> > msDs-masteredBy
> > classDisplayName
> > revision
> >
> > * Comparing [SCHEMA] context...
> >
> > * DN lists have different size: 1789 != 1569
> > CN=Dns-Zone-Scope,CN=Schema,CN=Configuration,DC=kcs,DC=local
> >
> > Genesis is, I believe, correct. Is there a way to force Luke to update
> > itself from Genesis completely?
>
> You said 'Mathew' was a Windows 2008R2 DC, but 'CN=Dns-Zone-Scope' only
> appeared with Windows 2016, which Samba does not yet support. You have,
> undoubtedly and unwittingly, borked your Samba DC's.
>
> If you wish to continue using Samba DC's, you will need to remove the
> Windows 2016 DC from the domain and then use 'Luke' as the main DC,
> hopefully this is still functioning correctly. Seize the FSMO roles to
> Luke, demote the other two DC's and clean them up, then join them to the
> domain again. If everything works okay, then you have been lucky, if it
> doesn't, then do you have backups from before the Windows 2016 dc was
> added ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list