"Resetting" a DC (and other stories)
Kev Latimer
klatimer at tolent.co.uk
Wed Apr 25 04:56:25 MDT 2012
On 24/04/2012 17:57, Matthieu Patou wrote:
> On 04/24/2012 01:15 AM, Kev Latimer wrote:
>> Morning all,
>>
>> To cut a long story short, (I'm doing another post in a minute with
>> my actual problem), is there a way to get a DC to "forget" everything
>> it knows about AD and force it replicate from a nominated "known
>> good" DC? In a sense, resetting it but without trying to
>> unjoin/rejoin the domain? Delete sam.ldb or the contents of
>> sam.ldb.d/ for example? I've a situation where replication has gone
>> a little awry I'd like to see if there's a quick way of just getting
>> a DC to start again...
>>
>> I've tried samba-tool drs replicate but that is throwing the error
>> I'm trying to clear...
>
> --sync-forced use SYNC_FORCED to force inbound replication
> --sync-all use SYNC_ALL to replicate from all DCs
> --full-sync resync all objects
>
>
> Try --full-sync, also maybe the best is to rejoin ?
>
> Matthieu.
>
>
(Forgot to send to list - my bad...)
Thanks Matthieu, that's pretty much what I was after. Unfortunately, it
seems when I do either of those, the same error I'm trying to clear is
still causing problems.
What is the correct procedure for rejoining? I've tried to do a
"samba-tool domain demote" to relieve it of DC duties with the intention
of deleting the resultant computer account in the normal fashion but
that command just results in:
root at olddc:/usr/local/samba# bin/samba-tool domain demote
Using firstdc.tolent.local as partner server for the demotion
Desactivating inbound replication
Asking partner server firstdc.tolent.local to synchronize from us
Changing userControl and container
Error while demoting, re-enabling inbound replication
ERROR(ldb): Error while changing account control - LDAP error 1
LDAP_OPERATIONS_ERROR - <00002020: Operation unavailable without
authentication> <>
My next thought is to stop samba on olddc, remove /usr/local/samba,
reinstall and do a clean join - reading some earlier posts seem to
suggest this rejoin might just "take over" the role of olddc, as long as
it has the same name?
Cheers,
Kev
--
Kev
More information about the samba-technical
mailing list