[Samba] questions regarding the Demoting an Offline Domain Controller procedure
Jean-Louis Biasini
jl.biasini at laposte.net
Mon Aug 28 10:00:57 UTC 2023
hello all,
To give some follow up info if anyone is affected by 1. too:
On 14/07/2022 at 19:34, Jean-Louis Biasini wrote:
>>> 1. The procedure went well and no other problems occurred, but since
>>> then, I have the following popping up in the log of all the
>>> remaining DCs at restart:
>>>
>>> ../../source4/dsdb/kcc/scavenge_dns_records.c:491(dns_delete_tombstones)
>>>
>>> dns_delete_tombstones: A tombstoned dnsNode has non-tombstoned
>>> records, which should not happen.
>>>
>>> How can I find and delete those remaining records? I don’t see
>>> anything related to the demoted DC with rsat DNS tool nor with:
>>>
>>> ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)'
>>> --cross-ncs objectguid
The proper LDAP request to perform is:

    ldapsearch -H ldaps://ADSERVER_FQDN_DNSNAME:636 -x -W \
      -D "administrator@example.domain.tld" \
      -b 'DC=DomainDnsZones,DC=example,DC=domain,DC=tld' "(dNSTombstoned=TRUE)"

Make sure whatever DC comes up is not in use anymore and that all
related DNS records have been deleted.
Then you can delete that record with ldapdelete.
>>> 2. the procedure states that I shouldn’t reconnect the demoted
>>> offline dc, does this apply only to that specific machine? Can I
>>> declare a new dc with the same name and/or ip and/or mac address
>>> (VM) or should this also be avoided?
I’m still looking for answers as to this question 2.
have a nice day
jean-louis
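
As an added example (not part of the original message and not Samba's own code): a shell filter that takes the LDIF printed by the ldapsearch above and lists only the tombstoned dnsNode entries whose leading RDN names the demoted DC, so the list can be reviewed before anything is passed to ldapdelete. The host name olddc1, the sample LDIF and the function names are constructed for illustration.

```shell
#!/bin/sh
# unfold_ldif: join LDIF continuation lines (a line that starts with one
# space continues the previous line; ldapsearch folds long DNs this way).
unfold_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    '
}

# tombstoned_dns_for_host HOST: read LDIF on stdin and print the DN of each
# entry that has dNSTombstoned: TRUE and whose first RDN is DC=HOST
# (case-insensitive). Base64 DNs ("dn::") are reported on stderr, not decoded.
# Assumes node names contain no escaped commas.
tombstoned_dns_for_host() {
    host=$1
    unfold_ldif | awk -v host="$host" '
        function emit() {
            if (dn != "" && tomb && tolower(rdn) == "dc=" tolower(host)) print dn
            dn = ""; tomb = 0; rdn = ""
        }
        /^dn:: / { emit(); print "skipped base64 DN: " $2 > "/dev/stderr"; next }
        /^dn: /  { emit(); dn = substr($0, 5); split(dn, p, ","); rdn = p[1]; next }
        /^$/     { emit(); next }
        tolower($0) == "dnstombstoned: true" { tomb = 1 }
        END      { emit() }
    '
}

# Constructed sample input (hypothetical names, not real server output).
sample_ldif() {
cat <<'EOF'
# constructed sample
dn: DC=olddc1,DC=example.domain.tld,CN=MicrosoftDNS,DC=DomainDnsZones,DC=exam
 ple,DC=domain,DC=tld
objectClass: dnsNode
dNSTombstoned: TRUE

dn: DC=printer7,DC=example.domain.tld,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=domain,DC=tld
objectClass: dnsNode
dNSTombstoned: TRUE

dn: DC=dc2,DC=example.domain.tld,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=domain,DC=tld
objectClass: dnsNode
dNSTombstoned: FALSE
EOF
}

sample_ldif | tombstoned_dns_for_host olddc1
```

In real use, pipe the ldapsearch output into tombstoned_dns_for_host instead of sample_ldif; once reviewed, the resulting DNs can be saved to a file and given to ldapdelete with -f, which reads one DN per line.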