"Resetting" a DC (and other stories)
Andrew Bartlett
abartlet at samba.org
Wed Apr 25 06:17:01 MDT 2012
On Wed, 2012-04-25 at 11:56 +0100, Kev Latimer wrote:
> On 24/04/2012 17:57, Matthieu Patou wrote:
> > On 04/24/2012 01:15 AM, Kev Latimer wrote:
> >> Morning all,
> >>
> >> To cut a long story short, (I'm doing another post in a minute with
> >> my actual problem), is there a way to get a DC to "forget" everything
> >> it knows about AD and force it to replicate from a nominated "known
> >> good" DC? In a sense, resetting it but without trying to
> >> unjoin/rejoin the domain? Delete sam.ldb or the contents of
> >> sam.ldb.d/ for example? I've a situation where replication has gone
> >> a little awry and I'd like to see if there's a quick way of just getting
> >> a DC to start again...
> >>
> >> I've tried samba-tool drs replicate but that is throwing the error
> >> I'm trying to clear...
> >
> > --sync-forced use SYNC_FORCED to force inbound replication
> > --sync-all use SYNC_ALL to replicate from all DCs
> > --full-sync resync all objects
> >
> >
> > Try --full-sync, also maybe the best is to rejoin?
> >
> > Matthieu.
> >
> >
> (Forgot to send to list - my bad...)
>
> Thanks Matthieu, that's pretty much what I was after. Unfortunately, it
> seems when I do either of those, the same error I'm trying to clear is
> still causing problems.

What is that error? Does 'samba-tool dbcheck --cross-ncs' help?

> What is the correct procedure for rejoining? I've tried to do a
> "samba-tool domain demote" to relieve it of DC duties with the intention
> of deleting the resultant computer account in the normal fashion but
> that command just results in:
>
> root@olddc:/usr/local/samba# bin/samba-tool domain demote
> Using firstdc.tolent.local as partner server for the demotion
> Desactivating inbound replication
> Asking partner server firstdc.tolent.local to synchronize from us
> Changing userControl and container
> Error while demoting, re-enabling inbound replication
> ERROR(ldb): Error while changing account control - LDAP error 1
> LDAP_OPERATIONS_ERROR - <00002020: Operation unavailable without
> authentication> <>

You must specify -Uadministrator so it doesn't connect as anonymous.

> My next thought is to stop samba on olddc, remove /usr/local/samba,
> reinstall and do a clean join - reading some earlier posts seems to
> suggest this rejoin might just "take over" the role of olddc, as long as
> it has the same name?

It should, but there will still be some references to the old DC. I
would like to understand what your issue is, if you are able to help us
with that.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org