[Samba] How to cleanly remove a DC from Samba domain?

Alexandros Karypidis akarypid at yahoo.gr
Mon May 29 10:03:36 UTC 2023


Hello,

I have a domain with three controllers (DC1/DC2/DC3). One is completely non-existent and offline (DC3).

I am trying to remove the online controller completely from the domain. The Samba wiki is currently offline, but from recollection I did the following to remove DC2:

- transferred all FSMO to DC1
- demoted DC2

The demotion part seems to have succeeded:

---
root@dc2 ~# samba-tool domain demote -Uadministrator
Using dc1.ad.home.lan as partner server for the demotion
Password for [HOME\administrator]:
Deactivating inbound replication
Asking partner server dc1.ad.home.lan to synchronize from us
Changing userControl and container
Removing Sysvol reference: CN=DC2,CN=Enterprise,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=ad,DC=home,DC=lan

... (prune lines for ldap updates)

Demote successful
---

Now if on DC1 I run "samba-tool drs showrepl" it shows only DC3 (the offline one) but DC2 is no longer a replication partner...

However, DC2 is still a member computer (not domain controller) and I can't seem to remove it:

---
root@dc1 ~# samba-tool computer list
DC1$
DC3$
... other computers
DC2$


root@dc1 ~# samba-tool computer delete DC2
ERROR(ldb): Failed to remove computer "DC2$" - subtree_delete: Unable to delete a non-leaf node (it has 1 children)!
---

1) How do I go about removing it completely?
2) DC2 is still up and running Samba; can I stop it and bring it offline at this stage? Also, would the demotion have worked if DC2 had the Samba daemons stopped, or are they required for the demotion part?

Thank you



