[Samba] Failed to commit objects: DOS code 0x000021bf attempting to add DC to Zentyal 3.2 domain (samba 4.1.7)

Tue May 26 12:16:40 UTC 2020

----- On May 26, 2020, at 4:27 AM, Rowland Penny rpenny at samba.org wrote:
>>> Not a huge domain - maybe 8 users or so.  When you say in place
>>> upgrade are you talking about upgrading Zentyal so that Samba gets
>>> upgraded to at least 4.5 or above?
>> Yes, or Samba on the Zentyal appliance - even if built manually and
>> just pointed at the right directories (after forcefully disabling the
>> installed Samba).  I'm not sure how well a modern Samba would build
>> there, you might have to build 4.5.
>>
>> But if just 8 users, the simplest approach might be to just make your
>> domain as 'flat' as possible then try replication again, and fix it up
>> later.
>>
>> All the best,
>>
>> Andrew Bartlett
>>
> Sorry Andrew, but I do not agree, in my opinion the best option would be
> to start again. With only 8 users (and presumably a similar number of
> computers), it will be quicker and easier to create a new domain.
> 
> Zentyal 3.2 is based on Ubuntu 12.04, so I am unsure whether 4.5 will
> build on it, even if it does, there is is still the problem of the early
> dns schema.
> 
> The amount of work involved in getting the Zentyal domain upgraded will
> be far more than setting up a new domain.
> 
> Rowland

There are other factors outside of the domain migration to take into consideration as well.  If I rebuild the domain I have to physically go there because to remotely disjoin/rejoin the windows stations, although it can be done, it would be better to be onsite if issues arise.  Next, they have a windows server running some complicated software that is joined to this domain so not keen on disjoining/rejoining that server as I don't know what havoc it would create with some very touchy apps.

I have a post into the zentyal forums to find out if there is a clean migration path to their 6.x version.. so far nobody has responded.  I will give it a while and see if someone answers.  I don't know what Samba version their 6.x product uses but it is very likely higher than 4.5.  

Doing this remotely in off-hours is appealing because I can do it from my home so I can afford to spend some extra "free" time as long as I am careful with VMWare snapshots so I can undo disaster if it occurs :) 

Andrew, what did you mean "as flat as possible"?  I have very little as far as objects in the AD database.. mainly users and if DNS is integrated, DNS entries.  Also not a lot of structure as far as OUs and whatnot.  