[Samba] FSMO transfer status

Rowland penny rpenny at samba.org
Fri May 21 08:04:20 UTC 2021 

On 21/05/2021 08:49, Anders Östling wrote:
> Hi Rowland
>
> You are right, I forgot to use the -U flag. Anyway, the roles seems to
> be been transferred anyway, I also confirmed that on the Windows side.
>
> I went back to the Windows server and claimed back all 5 roles to


There are 7 roles actually, but Windows only seems to acknowledge 5.

> Windows AD (using 3 different tools, great work Microsoft!).
> Confirmed on Samba AD that the roles were back on Windows/HP-SRV02
>
> root at HP-SRV10:/var/log/samba# samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=HP-SRV02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hoganas-platslagaren,DC=se
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=HP-SRV02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hoganas-platslagaren,DC=se
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=HP-SRV02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hoganas-platslagaren,DC=se
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=HP-SRV02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hoganas-platslagaren,DC=se
> DomainNamingMasterRole owner: CN=NTDS
> tSettings,CN=HP-SRV02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hoganas-platslagaren,DC=se
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings\0ADEL:5e505c90-eb8a-4f9f-aee6-6688c2142282,CN=HP-SRV01\0ADEL:fa807549-7d37-4c24-b8c1-d265acacca5e,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hoganas-platslagaren,DC=se
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings\0ADEL:5e505c90-eb8a-4f9f-aee6-6688c2142282,CN=HP-SRV01\0ADEL:fa807549-7d37-4c24-b8c1-d265acacca5e,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hoganas-platslagaren,DC=se


The '\0ADEL' means these are deleted objects.

> Maybe I need to roll-back both VM's and start over, unless you have an
> idea on what this means.


Try seizing the roles to a Samba DC, but this time use '-U'

I could try to fix the code, but it would probably get rejected, so why 
bother ?

Rowland

More information about the samba mailing list