[Samba] LDAP error 53 LDAP_UNWILLING_TO_PERFORM

Epsilon Minus theepsilonminus at gmail.com
Wed Jan 22 19:29:46 UTC 2025


On Wed, Jan 22, 2025 at 7:12 AM Rowland Penny via samba
<samba at lists.samba.org> wrote:
>
> On Tue, 21 Jan 2025 20:31:11 -0300
> Epsilon Minus via samba <samba at lists.samba.org> wrote:
>
> > Hi everyone!
> >
> > I hope this message finds you well. I am reaching out to seek
> > assistance regarding an issue I am experiencing while transferring
> > domain roles in my Samba setup.
> >
> > In a previous email thread that I no longer have access to, I
> > encountered a similar problem, which I would like to reference: Samba
> > Mailing List Archive.
> >
> > Currently, I am attempting to transfer the 'forestdns' role using the
> > following command:
> >
> >
> > root@dc02:~# samba-tool fsmo transfer --role=forestdns -UAdministrator
> >
> > However, I am receiving the following error:
> >
> > ERROR: Failed to add role 'forestdns': LDAP error 53
> > LDAP_UNWILLING_TO_PERFORM -  <000020AE: SvcErr: DSID-031535B9, problem
> > 5003 (WILL_NOT_PERFORM), data 0
> >
> > I have inherited an old Active Directory server running Windows Server
> > 2012, which I am in the process of migrating to Samba. The domain I am
> > working with ends in .local, which I understand does not comply with
> > RFC standards for domain names.
> >
> > I suspect that the error I am encountering may be related to the
> > domain name. I have thoroughly checked the server configuration and
> > have not found any other reasons for this issue.
>
> No, I doubt it is anything to do with '.local', that would affect dns
> rather than transferring an FSMO role.
> I fear it may be something worse, you say it is an old AD, could it be
> that old that it started off as either a 2K or 2003 domain?
> If it did then you may still be using the older dns system that doesn't
> have the _msdcs subdomain. Try reading this:
>
> https://ftp.zx.net.nz/pub/archive/ftp.microsoft.com/MISC/KB/en-us/817/470.HTM
>
> Rowland
>
> --

Rowland, Thank you for your prompt response!

To clarify, the Active Directory is not that old; it is running on
Windows Server 2012 and was installed with that version. The Forest
Level and Domain Level are set to 2008 R2 for the migration.

If the domain name is not the issue, what else could I investigate?

I appreciate your guidance!

Best regards,


