
Re: [Samba] Transfer the FSMO roles


I always upgrade my pair of samba DCs that way, first one and when it runs stable for a week or so I do the other one.

Depending on the version you need to transfer two more FSMO roles:
samba-tool fsmo transfer --role=domaindns -U administrator
samba-tool fsmo transfer --role=forestdns -U administrator

Make sure that the new DC runs perfectly in sync with the old one, check e.g. by Louis van Belle's script on https://downloads.van-belle.nl/samba4/samba-check-db-repl.sh , do a "samba-tool dbcheck --cross-ncs" on the new DC.

Make sure that the sysvol folder has been properly synchronized to the new DC.

Reconfigure client systems to not use the old DC anymore for DNS.

Switch the old DC off and check if everything still works, for a few hours or days, depending on load.

Then it is time to switch the old DC on one last time and demote it.

After demote you need to clean up left-overs of the old DC in AD, see "Verifying the Demotion" in https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC , and you might as well with RSAT crawl through the whole DNS and remove all references to the old DC.

Another "samba-tool dbcheck --cross-ncs" on the new DC will find some orphaned entries that can be removed with --fix, and then you're definitely done with the upgrade.


On 02.05.2017 00:38, Marcio Demetrio Bacci via samba wrote:
I've been thinking if it's better to make a new Samba 4 DC server instead
of upgrading the old DC and then transfer the FSMO roles to it and shut down the
old server.

This way the installation would be cleaner and free of any errors of the
old installation.

I'm using Samba 4.2.1 and the result of command below is:

root@EMPRESA:~# samba-tool fsmo show

InfrastructureMasterRole owner: CN=NTDS
RidAllocationMasterRole owner: CN=NTDS
PdcEmulationMasterRole owner: CN=NTDS
DomainNamingMasterRole owner: CN=NTDS
SchemaMasterRole owner: CN=NTDS

Do I need to execute the 5 commands below?

*In the new DC*
samba-tool fsmo transfer --role=InfrastructureMasterRole
samba-tool fsmo transfer --role=RidAllocationMasterRole
samba-tool fsmo transfer --role=PdcEmulationMasterRole
samba-tool fsmo transfer --role=DomainNamingMasterRole
samba-tool fsmo transfer --role=SchemaMasterRole

*In the old DC*
samba-tool domain demote -Uadministrator


Márcio Bacci
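
A pre-demotion check for the sequence discussed in this thread, as an added example that is not part of the original messages or of Samba: it parses `samba-tool fsmo show` output and reports the old DC as safe to demote only when every listed role is owned by the new DC. The DC names DC1 (old) and DC2 (new), the example.com DNs and the function names are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Constructed sample of `samba-tool fsmo show` output (hypothetical DCs: DC1 = old,
# DC2 = new, domain example.com). Five roles are moved, the two DNS roles are not.
SITE='CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com'
SAMPLE_FSMO_SHOW="SchemaMasterRole owner: CN=NTDS Settings,CN=DC2,$SITE
InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC2,$SITE
RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC2,$SITE
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC2,$SITE
DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC2,$SITE
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC1,$SITE
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC1,$SITE"

# fsmo_not_on NEW_DC: read `samba-tool fsmo show` output on stdin and print each
# role whose owner DN does not name NEW_DC (case-insensitive), one per line.
# The surrounding commas keep DC2 from matching a server called DC20.
fsmo_not_on() {
    awk -v dc="$1" '
        / owner: / {
            owner = toupper($0)
            sub(/^.* OWNER: /, "", owner)
            if (index(owner, ",CN=" toupper(dc) ",") == 0) print $1
        }'
}

# fsmo_safe_to_demote NEW_DC: return 0 only if stdin contained role lines and all
# of them are owned by NEW_DC; 1 if some role is elsewhere; 2 if nothing parsed
# (e.g. the command failed and printed an error instead of role lines).
fsmo_safe_to_demote() {
    input=$(cat)
    printf '%s\n' "$input" | grep -q ' owner: ' || {
        echo "no FSMO role lines found in input" >&2
        return 2
    }
    left=$(printf '%s\n' "$input" | fsmo_not_on "$1")
    [ -z "$left" ] && return 0
    printf 'roles not yet on %s: %s\n' "$1" "$(echo $left)" >&2
    return 1
}

# On a real DC: samba-tool fsmo show | fsmo_safe_to_demote DC2
printf '%s\n' "$SAMPLE_FSMO_SHOW" | fsmo_safe_to_demote DC2 || echo "do not demote yet"
```

A Samba version that does not list the two DNS roles in `fsmo show` passes this check on five roles only, so the domaindns and forestdns owners still need to be confirmed separately there.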
