[Samba] transferring FSMO to new DC failing with domaindns and forestdns

Rowland Penny rpenny at samba.org
Wed Jun 25 09:12:38 UTC 2025


On Mon, 23 Jun 2025 22:54:01 +1200
Daniel Christie via samba <samba at lists.samba.org> wrote:

Sorry to be a bit late in replying, but I have been trying to get my
head around code I wrote 10 years ago.

> sudo ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -P -b
> 'CN=infrastructure,DC=DomainDnsZones,DC=home,DC=domain,DC=com' -s
> sub '(fSMORoleOwner=*)' fSMORoleOwner
> # record 1
> dn: CN=Infrastructure,DC=DomainDnsZones,DC=home,DC=domain,DC=com
> fSMORoleOwner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Mears,CN=Sites,CN=Configu
>  ration,DC=home,DC=krust,DC=kiwi

Is that bad sanitising? 'DC=home,DC=domain,DC=com' in the DN has
become 'DC=home,DC=krust,DC=kiwi' in the attribute. If it isn't, then
that is probably your problem.

If all else fails try seizing the domaindns and forestdns roles to the
new DC and then demote the old DC.

NOTE: You will have to use '--force' with the seize command, or it will
try to transfer the role first.

Rowland
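
The comparison made in the reply above can be run over saved ldbsearch output. This is an added example, not part of the original message or of Samba's own tooling. It assumes a single-domain forest, where the DNS partition and the Configuration partition share one domain suffix; the function names are hypothetical and the sample record is constructed from the quoted output.

```python
import re

# Constructed sample: ldbsearch output shaped like the record quoted above,
# including LDIF line folding (a continuation line starts with one space).
SAMPLE = """\
# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=home,DC=domain,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Mears,CN=Sites,CN=Configu
 ration,DC=home,DC=krust,DC=kiwi
"""

# Partition labels that sit in front of the domain suffix in the record DN.
PARTITION_LABELS = ("dc=domaindnszones", "dc=forestdnszones")

def unfold(ldif):
    """Undo LDIF folding: a newline followed by one space continues the line."""
    return re.sub(r"\r?\n ", "", ldif)

def parse_records(ldif):
    """Yield one {attribute: value} dict per record (names lower-cased)."""
    rec = {}
    for line in unfold(ldif).splitlines() + [""]:
        if not line.strip():            # a blank line ends the record
            if rec:
                yield rec
                rec = {}
        elif not line.startswith("#"):  # skip "# record N" comments
            name, sep, value = line.partition(": ")
            if sep:
                rec[name.lower()] = value

def dc_suffix(dn, skip=()):
    """Return the DC= components of a DN as a lower-cased tuple."""
    parts = [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]
    return tuple(p for p in parts if p.startswith("dc=") and p not in skip)

def check_owner(record):
    """Compare the domain suffix of the record DN with that of fSMORoleOwner."""
    dn_suffix = dc_suffix(record["dn"], skip=PARTITION_LABELS)
    owner_suffix = dc_suffix(record.get("fsmoroleowner", ""))
    return {"dn": record["dn"], "dn_suffix": dn_suffix,
            "owner_suffix": owner_suffix, "match": dn_suffix == owner_suffix}

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        r = check_owner(rec)
        print("OK" if r["match"] else "MISMATCH", r["dn"])
        print("  dn suffix:", r["dn_suffix"], " owner suffix:", r["owner_suffix"])
```

A MISMATCH on unsanitised output means the fSMORoleOwner value points outside the domain's own Configuration partition; a mismatch that only appears in a posted copy points to inconsistent sanitising.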


