
Re: [Samba] Error removing Windows DC from AD




Hi,

On 20/06/2018 20:38, Andrew Bartlett wrote:
> To be clear, we don't replicate sysvol, you need to work that out
> yourself (yes, this sucks).


Right, I'm doing that with Robocopy from the Windows DC initially, then with rsync.

> > Is there any further preparation I need to do on the Windows server side
> > to make a clean demotion possible? I can force the removal of the
> > Windows DC but this led to leftover data in the LDAP database and DNS
> > that I have to excise by hand, which I don't find ideal.
> >
> > I'm thankful for any advice on how to accomplish this.
>
> samba-tool domain demote --remove-other-dead-server


Unfortunately this causes the following error:

# samba-tool domain demote --remove-other-dead-server=DC
Removing nTDSConnection: CN=6e15b4f5-1863-4259-8817-c7835ed7815e,CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan
Removing nTDSDSA: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan (and any children)
ERROR(ldb): uncaught exception - subtree_delete: Unable to delete a non-leaf node (it has 1 children)!
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 721, in run
    remove_dc.remove_dc(samdb, logger, remove_other_dead_server)
File "/usr/lib/python2.7/dist-packages/samba/remove_dc.py", line 422, in remove_dc
    remove_dns_account=True)
File "/usr/lib/python2.7/dist-packages/samba/remove_dc.py", line 350, in offline_remove_ntds_dc
    remove_dns_account=remove_dns_account)
File "/usr/lib/python2.7/dist-packages/samba/remove_dc.py", line 229, in offline_remove_server
    samdb.delete(server_dn)
A transaction is still active in ldb context [0x560a67adb490] on tdb:///var/lib/samba/private/sam.ldb

(never mind that this is now on DC1, not DC3, I've torn down the test environment a few times)

Manual removal of 'CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan' in ADSIEdit didn't go well and caused all replication to break at some point. I must be missing something here but I can't quite figure out what exactly.

Best regards,
Pietro Stäheli
