
Re: [Samba] Transfer the FSMO roles




Hi,

I always upgrade my pair of samba DCs that way, first one and when it runs stable for a week or so I do the other one.

Depending on the version you need to transfer two more FSMO roles:
samba-tool fsmo transfer --role=domaindns -U administrator
samba-tool fsmo transfer --role=forestdns -U administrator

Make sure that the new DC runs perfectly in sync with the old one, check e.g. by Louis van Belle's script on https://downloads.van-belle.nl/samba4/samba-check-db-repl.sh , do a "samba-tool dbcheck --cross-ncs" on the new DC.

Make sure that the sysvol folder has been properly synchronized to the new DC.

Reconfigure client systems to not use the old DC anymore for DNS.

Switch the old DC off and check if everything still works, for a few hours or days, depending on load.

Then it is time to switch the old DC on one last time and demote it.

After demote you need to clean up left-overs of the old DC in AD, see "Verifying the Demotion" in https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC , and you might as well with RSAT crawl through the whole DNS and remove all references to the old DC.

Another "samba-tool dbcheck --cross-ncs" on the new DC will find some orphaned entries that can be removed with --fix and then you're definitely done with the upgrade.

regards,
Norbert


On 02.05.2017 00:38, Marcio Demetrio Bacci via samba wrote:
I've been thinking if it's better to make a new Samba 4 DC server instead
of upgrading the old DC and then transfer the FSMO roles to it and shut down the
old server.

This way the installation would be cleaner and free of any errors of the
old installation.

I'm using Samba 4.2.1 and the result of command below is:

root@EMPRESA:~# samba-tool fsmo show

InfrastructureMasterRole owner: CN=NTDS Settings,CN=EMPRESA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=com,DC=br
RidAllocationMasterRole owner: CN=NTDS Settings,CN=EMPRESA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=com,DC=br
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=EMPRESA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=com,DC=br
DomainNamingMasterRole owner: CN=NTDS Settings,CN=EMPRESA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=com,DC=br
SchemaMasterRole owner: CN=NTDS Settings,CN=EMPRESA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=com,DC=br

Do I need to execute the 5 commands below?

*In the new DC*
samba-tool fsmo transfer --role=InfrastructureMasterRole
samba-tool fsmo transfer --role=RidAllocationMasterRole
samba-tool fsmo transfer --role=PdcEmulationMasterRole
samba-tool fsmo transfer --role=DomainNamingMasterRole
samba-tool fsmo transfer --role=SchemaMasterRole

*In the old DC*
samba-tool domain demote -Uadministrator

Regards,

Márcio Bacci


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
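
Added example, not part of the original thread: a pre-demotion check that reads "samba-tool fsmo show" output and lists every role not yet owned by the new DC, so a role left behind on the old DC is caught before "samba-tool domain demote". The name NEWDC, the example.com suffix and the sample output are constructed; the two DNS role labels are assumed to follow the same "<Role> owner: <DN>" format as the five roles shown in the thread.

```shell
#!/bin/sh
# fsmo_roles_not_on NEW_DC
# Reads `samba-tool fsmo show` output on stdin and prints the name of every
# role whose owner is not NEW_DC. Empty output means all roles have moved.
fsmo_roles_not_on() {
    awk -v dc="$1" '
        # A line containing " owner: " starts a new record. Anything else is
        # the tail of a DN that a terminal or mail client wrapped at a space.
        / owner: /       { if (line != "") check(line); line = $0; next }
        NF && line != "" { line = line " " $0 }
        END              { if (line != "") check(line) }

        function check(l,   role, srv) {
            role = l; sub(/ owner: .*/, "", role)
            srv = l;  sub(/^.* owner: /, "", srv)
            # The owning server is the RDN right after "CN=NTDS Settings,".
            sub(/^CN=NTDS Settings,CN=/, "", srv)
            sub(/,.*/, "", srv)
            if (toupper(srv) != toupper(dc)) print role
        }
    '
}

# Constructed sample: five roles already transferred to NEWDC, the two DNS
# roles still on the old DC (EMPRESA), one DN wrapped as in the quoted mail.
sample_fsmo_show() {
    S="CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com"
    cat <<EOF
SchemaMasterRole owner: CN=NTDS Settings,CN=NEWDC,$S
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=NEWDC,$S
RidAllocationMasterRole owner: CN=NTDS Settings,CN=NEWDC,$S
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=NEWDC,$S
DomainNamingMasterRole owner: CN=NTDS Settings,CN=NEWDC,$S
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=EMPRESA,$S
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=EMPRESA,$S
EOF
}

# Real use, on the new DC:
#   samba-tool fsmo show | fsmo_roles_not_on NEWDC
```

Run it on the new DC after the transfers and again just before demoting the old one; demote only when it prints nothing.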