[Samba] Moving FSMO roles doesn't affect srv records in DNS?
rpenny at samba.org
Wed Sep 23 13:26:47 UTC 2020
On 23/09/2020 12:40, Peter Boos via samba wrote:
> We've added an extra DC for redundancy to the Debian-based Active Directory.
> We updated our older Samba version to the current one, and joined a new DC.
> Then the commands were given to move all the FSMO roles,
> which we verified with "samba-tool fsmo show", which showed that all roles are on the new DC.
> However, in DNS all underscore SRV records of the AD services still point to the old server.
> Not sure how Samba handles it, though, as the virtual PDC emulator is pointing to the old DNS server.
> The old DC still seems to handle all logons now,
> as we verified by the cmd command "set" on Win 10 clients (showing the logon server as the old DC).
> Is this normal behaviour for Samba? Are SRV records not updated?
> I find it strange and am wondering if our AD is now running as intended.
> How to verify Samba.
This is the way it is supposed to work: Every so often, samba_dnsupdate
is run on a DC, this uses a file 'dns_update_list'. Any missing files
from the list are created. One of the lines from the list is this:
# The PDC emulator
I think if you check again, you will now have the required SRV record,
but you may also have another record for the old pdc_emulator role
owner. Whilst it seems there is code to add the _ldap._tcp.pdc record,
there doesn't seem to be any to remove it from the old role owner.
You can remove the incorrect record (if you have it) with 'samba-tool
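As an added example (not part of the original message), this check compares the PDC emulator owner reported by "samba-tool fsmo show" against the targets of the _ldap._tcp.pdc SRV record and lists any target that is not the current owner. The host names dc1/dc2, the domain samdom.example.com and both sample outputs are constructed; the full record name _ldap._tcp.pdc._msdcs.<domain> is the standard AD name for this record.

```shell
#!/bin/sh
# Added example: find _ldap._tcp.pdc SRV targets left behind after a FSMO move.
# On a live DC the two inputs would come from (domain is a placeholder):
#   samba-tool fsmo show
#   dig +short SRV _ldap._tcp.pdc._msdcs.samdom.example.com

# Constructed sample of 'samba-tool fsmo show' output after moving roles to DC2.
FSMO_SAMPLE='SchemaMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'

# Constructed sample of 'dig +short SRV' output: the old owner is still listed.
SRV_SAMPLE='0 100 389 dc1.samdom.example.com.
0 100 389 dc2.samdom.example.com.'

# Print the lower-cased short name of the DC that owns the PDC emulator role.
pdc_owner() {
    printf '%s\n' "$1" | awk -F'CN=' '
        /^PdcEmulationMasterRole owner:/ {
            # Fields: $2 = "NTDS Settings,", $3 = "<DC name>,"
            sub(/,.*/, "", $3); print tolower($3); exit
        }'
}

# Print every SRV target whose first label is not the expected owner.
# Input lines are "priority weight port target."; returns 1 if any are stale.
stale_pdc_srv() {
    printf '%s\n' "$2" | awk -v owner="$1" '
        NF == 4 {
            target = tolower($4); sub(/\.$/, "", target)
            split(target, label, ".")
            if (label[1] != owner) { print target; stale = 1 }
        }
        END { exit stale + 0 }'
}

owner=$(pdc_owner "$FSMO_SAMPLE")
echo "PDC emulator owner: $owner"
stale_pdc_srv "$owner" "$SRV_SAMPLE" || echo "stale _ldap._tcp.pdc record(s) listed above"
```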