[Samba] Transfer FSMO roles to a new DC
Rommel Rodriguez Toirac
rommelrt at nauta.cu
Fri Oct 29 16:36:39 UTC 2021
Hello all;
I have joined a new domain controller [gtmad2] (Ubuntu with samba4 version 4.14.8) to a Samba4 domain (main DC version 4.14.3 in CentOS8) [gtmad1].
I want to replace the samba-4.14.3 (CentOS8) [hostname gtmad1] and I have transferred the FSMO roles to the new one, samba-4.14.8 (Ubuntu 20.04) [hostname gtmad2].
Here are the transfer commands:
root at gtmad2:~# samba-tool fsmo transfer --role=rid
FSMO transfer of 'rid' role successful
root at gtmad2:~# samba-tool fsmo transfer --role=pdc
FSMO transfer of 'pdc' role successful
root at gtmad2:~# samba-tool fsmo transfer --role=infrastructure
FSMO transfer of 'infrastructure' role successful
root at gtmad2:~# samba-tool fsmo transfer --role=schema
FSMO transfer of 'schema' role successful
root at gtmad2:~# samba-tool fsmo transfer --role=naming
FSMO transfer of 'naming' role successful
root at gtmad2:~# samba-tool fsmo transfer --role=domaindns -UAdministrator
Password for [ATGTM00\Administrator]:
FSMO transfer of 'domaindns' role successful
root at gtmad2:~# samba-tool fsmo transfer --role=forestdns -UAdministrator
Password for [ATGTM00\Administrator]:
FSMO transfer of 'forestdns' role successful
All transfers were successful, but when I check I have a problem.
From the new DC [gtmad2] it still looks like the other DC [gtmad1] is the owner of the FSMO roles, and from gtmad1 it looks like gtmad2 is the FSMO roles owner.
root at gtmad2:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
InfrastructureMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
RidAllocationMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
DomainNamingMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
root at gtmad2:~#
[root at gtmad1 samba]# samba-tool fsmo show
ldb_wrap open of secrets.ldb
SchemaMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
InfrastructureMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
RidAllocationMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
DomainNamingMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
[root at gtmad1 samba]#
What could possibly be wrong?
Any ideas?
--
Rommel Rodriguez Toirac
rommelrt at nauta.cu
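
Added example, not part of the original message and not Samba project code: it parses `samba-tool fsmo show` output collected on each DC and lists every role on whose owner the DCs disagree, which is the situation described above. The sample text is constructed in the format shown in the post; `parse_fsmo_show`, `compare_views` and `constructed_output` are hypothetical names.

```python
import re

# The seven role labels printed by `samba-tool fsmo show` in the post above.
ROLES = ("SchemaMasterRole", "InfrastructureMasterRole", "RidAllocationMasterRole",
         "PdcEmulationMasterRole", "DomainNamingMasterRole",
         "DomainDnsZonesMasterRole", "ForestDnsZonesMasterRole")
LINE = re.compile(r"^(\w+Role) owner: CN=NTDS Settings,CN=([^,]+),")

def parse_fsmo_show(text):
    """Map role -> owning server CN; other lines (e.g. ldb_wrap notices) are skipped."""
    owners = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            owners[m.group(1)] = m.group(2).upper()
    return owners

def compare_views(outputs):
    """outputs: {dc_name: fsmo show text}. Return {role: {dc: owner}} for every
    role where the DCs disagree or where a DC printed no owner (None)."""
    views = {dc: parse_fsmo_show(t) for dc, t in outputs.items()}
    diffs = {}
    for role in ROLES:
        seen = {dc: v.get(role) for dc, v in views.items()}
        if None in seen.values() or len(set(seen.values())) > 1:
            diffs[role] = seen
    return diffs

def constructed_output(owner, extra=""):
    # Constructed sample in the format shown in the post (not captured output).
    dn = (f"CN=NTDS Settings,CN={owner},CN=Servers,CN=Default-First-Site-Name,"
          "CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu")
    return extra + "\n".join(f"{r} owner: {dn}" for r in ROLES)

# Each DC's view as reported in the post: gtmad2 names GTMAD1, gtmad1 names GTMAD2.
SAMPLE = {
    "gtmad2": constructed_output("GTMAD1"),
    "gtmad1": constructed_output("GTMAD2", extra="ldb_wrap open of secrets.ldb\n"),
}

if __name__ == "__main__":
    for role, seen in compare_views(SAMPLE).items():
        print(f"MISMATCH {role}: " + ", ".join(f"{dc} sees {o}" for dc, o in seen.items()))
```

An empty result means every DC reports the same owner for all seven roles.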