[Samba] LDAP error 53 LDAP_UNWILLING_TO_PERFORM
Rowland Penny
rpenny at samba.org
Wed Feb 26 08:44:37 UTC 2025
On Tue, 25 Feb 2025 20:13:54 -0300
Epsilon Minus <theepsilonminus at gmail.com> wrote:
> On Wed, Jan 22, 2025 at 4:41 PM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> > On Wed, 22 Jan 2025 16:29:46 -0300
> > Epsilon Minus via samba <samba at lists.samba.org> wrote:
> > >
> > > Rowland, Thank you for your prompt response!
> > >
> > > To clarify, the Active Directory is not that old; it is running on
> > > Windows Server 2012 and was installed with that version. The
> > > Forest Level and Domain Level are set to 2008 R2 for the
> > > migration.
> > >
> > > If the domain name is not the issue, what else could I
> > > investigate?
> > >
> > > I appreciate your guidance!
> > >
> > > Best regards,
> > >
> >
> > Try seizing the role, use '--force' or it will attempt to transfer
> > it first.
> >
> > Rowland
> >
>
> Thanks Rowland, with the sieze it was possible to migrate with:
>
> samba-tool fsmo seize
>
> when demoing the old Windows, I got the following message:
>
> "The operation failed because:
>
> Active Directory Domain Services could not find another Active
> Directory Domain Controller to transfer the remaining data in the
> directory partition:
> DC=ForestDnsZones,DC=DOMAIN,DC=local.
>
> The specified domain either does not exist or could not be
> contacted"
>
>
> Any idea how to proceed?
It sounds like you are trying to remove an existing DC, if this is the
case, then:
A) Turn off the DC that you want to remove.
B) Ensure it is never turned on again.
C) Run this on a Samba AD DC: 'samba-tool domain demote
--remove-other-dead-server=THE_DEAD_DCs_NAME -U Administrator'
D) check AD for anything that refers to the dead DC.
Also, please do not 'CC' me, it breaks my email flow.
Rowland
More information about the samba
mailing list