[Samba] LDAP error 53 LDAP_UNWILLING_TO_PERFORM

Rowland Penny rpenny at samba.org
Wed Jan 22 10:11:46 UTC 2025


On Tue, 21 Jan 2025 20:31:11 -0300
Epsilon Minus via samba <samba at lists.samba.org> wrote:

> Hi everyone!
> 
> I hope this message finds you well. I am reaching out to seek
> assistance regarding an issue I am experiencing while transferring
> domain roles in my Samba setup.
> 
> In a previous email thread that I no longer have access to, I
> encountered a similar problem, which I would like to reference: Samba
> Mailing List Archive.
> 
> Currently, I am attempting to transfer the 'forestdns' role using the
> following command:
> 
> 
> root@dc02:~# samba-tool fsmo transfer --role=forestdns -UAdministrator
> 
> However, I am receiving the following error:
> 
> ERROR: Failed to add role 'forestdns': LDAP error 53
> LDAP_UNWILLING_TO_PERFORM -  <000020AE: SvcErr: DSID-031535B9, problem
> 5003 (WILL_NOT_PERFORM), data 0
> 
> I have inherited an old Active Directory server running Windows Server
> 2012, which I am in the process of migrating to Samba. The domain I am
> working with ends in .local, which I understand does not comply with
> RFC standards for domain names.
> 
> I suspect that the error I am encountering may be related to the
> domain name. I have thoroughly checked the server configuration and
> have not found any other reasons for this issue.

No, I doubt it is anything to do with '.local'; that would affect DNS
rather than transferring an FSMO role.
I fear it may be something worse. You say it is an old AD; could it be
that old that it started off as either a 2K or 2003 domain?
If it did, then you may still be using the older DNS system that doesn't
have the _msdcs subdomain. Try reading this:

https://ftp.zx.net.nz/pub/archive/ftp.microsoft.com/MISC/KB/en-us/817/470.HTM

Rowland


