[Samba] How to cleanly remove a DC from Samba domain?

[Rowland Penny]

On 29/05/2023 11:46, Alexandros Karypidis via samba wrote:
> 
> I used Apache Directory Studio to remove the "RID Set" node and after that a simple "samba-tool computer delete DC2" worked just fine.
> 
> Perhaps the version of Samba in TurnKey Linux V16.1 has a bug (4.9.5-Debian)? Likely demotion should remove leaf nodes from domain controllers as part of the process.
> 
> I have now recreated DC2 using TurnKey Linux V17.1 (4.17.6-Debian) and so far everything seems normal. I will take new backups, and then proceed to do the same with DC1 to sync up the versions.
> 
> 

The problem with using things like turnkey Linux, is that you are 
totally reliant on whatever package versions they supply. Samba 4.9.5 
was the mainstay of Debian 10 which was replaced by Debian 11 in August 
2021. Debian 11 came with 4.13.X , but after Debian gained a new Samba 
maintainer, a much newer version was quickly available from backports 
(latest is 4.17.8).

Turnkey Linux seemed to stagnate on 4.9.5 for quite sometime and only 
recently started using a newer version of Samba. It also uses webmin, 
now I cannot recommend using the webmin Samba module, it is extremely 
out of date (unless it has been upgraded recently), it is so out of 
date, it has no concept of the 'idmap config' lines and other things to 
do with running a Samba AD DC.

In my opinion, you would probably be better off running bare Debian and 
installing and configuring Samba yourself.

If there is a demote bug in 4.9.5 , then you have no chance of getting 
it fixed, unless the bug still exists in a later, supported version.

Note: all of the above are my opinions and have nothing to do with Samba 
or anyone else.

Rowland