Re: [Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain

On 06/03/2018 05:36, denis.shigapov wrote:
> It is also desirable to check the access rights to DomainDnsZones and subfolders, this can be done through the ADSI editor.
Thanks Denis, one of the screenshots attached to your message (reattached here) turned on the light on my issue, you're the winner ;)

It seems that my Win2000-->Win2008R2 DNS upgrade went wrong or, at least, it was incomplete. I was completely missing the new "_msdcs.samdom.local" zone, I only had a subdomain "_msdcs" under the main "samdom.local" domain. All DNS tests I've done worked, because they were returning records from the "_msdcs.samdom.local" subdomain and not from the root of the missing "_msdcs.samdom.local" zone. (In my head having both a subdomain and a zone with the same name is a mess, but that's another story...)

Now, looking at the attached picture turned the light on; I've manually created the missing zone:
* created the new "_msdcs.samdom.local" zone on SRVAD-OLD
* set it to replicate forest-wide (some records should appear automatically)
* set domain zone "samdom.local" and its reverse zone to replicate domain-wide
* ran these commands:
    net stop netlogon
    net start netlogon
    nltest /dsregdns

After these steps the join completed without issues at the first shot.
I've also reverted back to initial snapshots and retested the whole join again and I can confirm it works!

Thanks to all the people that helped me solve the issue.
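
The difference described in the message above, a real "_msdcs.samdom.local" zone versus an "_msdcs" subdomain inside "samdom.local", shows up when the SOA record of the name is queried: a zone apex answers with its own SOA, while a subdomain returns the parent zone's SOA in the authority section. The following is an added example, not part of the original message; it parses `dig` text output, and both sample responses (TTLs, serial numbers, the hostmaster name) are constructed.

```python
def soa_owners(dig_output):
    """Map each dig section name to the owner names of the SOA records in it."""
    section, owners = None, {}
    for line in dig_output.splitlines():
        line = line.strip()
        if line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")].lower()
            continue
        if not line or line.startswith(";"):
            continue  # blank lines, question lines and dig comments
        fields = line.split()  # owner, ttl, class, type, rdata...
        if section and len(fields) >= 5 and fields[3] == "SOA":
            owners.setdefault(section, []).append(fields[0].rstrip(".").lower())
    return owners


def classify(name, dig_output):
    """Say whether `name` is a zone apex or only a name inside a parent zone."""
    name = name.rstrip(".").lower()
    owners = soa_owners(dig_output)
    if name in owners.get("answer", []):
        return "zone"
    for owner in owners.get("authority", []):
        if name.endswith("." + owner):
            return "subdomain of " + owner
    return "unknown"


# Constructed output of: dig _msdcs.samdom.local SOA (before the fix)
BEFORE = """\
;; QUESTION SECTION:
;_msdcs.samdom.local.		IN	SOA

;; AUTHORITY SECTION:
samdom.local.		3600	IN	SOA	srvad-old.samdom.local. hostmaster.samdom.local. 120 900 600 86400 3600
"""

# Constructed output of the same query after the zone was created
AFTER = """\
;; QUESTION SECTION:
;_msdcs.samdom.local.		IN	SOA

;; ANSWER SECTION:
_msdcs.samdom.local.	3600	IN	SOA	srvad-old.samdom.local. hostmaster.samdom.local. 5 900 600 86400 3600
"""

if __name__ == "__main__":
    print("before:", classify("_msdcs.samdom.local", BEFORE))
    print("after: ", classify("_msdcs.samdom.local", AFTER))
```

Ordinary SRV or A lookups succeed in both cases, which is why only the SOA owner name distinguishes them.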

