Web lists-archives.com

Re: [Samba] Error removing Windows DC from AD


On 20/06/2018 20:38, Andrew Bartlett wrote:
To be clear, we don't replicate sysvol, you need to work that out
yourself (yes, this sucks).

Right, I'm doing that with Robocopy from the Windows DC initially, then with rsync.

Is there any further preparation I need to do on the Windows server side
to make a clean demotion possible? I can force the removal of the
Windows DC but this led to leftover data in the LDAP database and DNS
that I have to excise by hand, which I don't find ideal.

I'm thankful for any advice on how to accomplish this.

samba-tool domain demote --remove-other-dead-server

Unfortunately this causes the following error:

# samba-tool domain demote --remove-other-dead-server=DC
Removing nTDSConnection: CN=6e15b4f5-1863-4259-8817-c7835ed7815e,CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan Removing nTDSDSA: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan (and any children) ERROR(ldb): uncaught exception - subtree_delete: Unable to delete a non-leaf node (it has 1 children)! File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 721, in run
    remove_dc.remove_dc(samdb, logger, remove_other_dead_server)
File "/usr/lib/python2.7/dist-packages/samba/remove_dc.py", line 422, in remove_dc
File "/usr/lib/python2.7/dist-packages/samba/remove_dc.py", line 350, in offline_remove_ntds_dc
File "/usr/lib/python2.7/dist-packages/samba/remove_dc.py", line 229, in offline_remove_server
A transaction is still active in ldb context [0x560a67adb490] on tdb:///var/lib/samba/private/sam.ldb

(never mind that this is now on DC1, not DC3, I've torn down the test environment a few times)

Manual removal of 'CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan' in ADSIEdit didn't go well and caused all replication to break at some point. I must be missing something here but I can't quite figure out what exactly.

Best regards,
Pietro Stäheli

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba