[Samba] Troubles with moving from Samba to windows DC
- Date: Tue, 16 Oct 2018 22:54:44 +0200
- From: Andreas Heinlein via samba <samba@xxxxxxxxxxxxxxx>
I am in the process of moving from a Samba DC to a Windows Server DC. I
have promoted a Server 2008R2 and used the robocopy workaround to
populate SYSVOL, then - after a few days - demoted the Samba DC. So the
Windows DC is currently the only one in the domain, and I want to promote
another Server 2016 instance.
I am facing problems similar to those described here:
- Adding DNS entries did not work, after cleaning up old references like
in the article, this worked.
- I am, however, still getting Event ID 4014 ("The DNS server was unable
to initialize AD security interfaces") from DNS. This does not go away
with restarting like in the article.
- Worst thing is, when trying to promote the Server 2016 DC, I get "DNS
cannot be installed on this domain controller because this domain does
not host DNS." The zone in question is not made of a single component
and it is hosted in AD, so MS's proposed solution does not work.
I am experiencing some other problems with SYSVOL, which may or may not
be related to the DNS problem:
- I cannot open Group Policy Editor, it says "the server cannot perform
the requested operation". Existing GPOs seem to work.
- dcdiag fails the test VerifyReferences, complaining like
    Problem: Missing Expected Value
    Base Object: CN=AD2008,OU=Domain Controllers,DC=abc,DC=com
    Base Object Description: "DC Account Object"
    Value Object Attribute Name: msDFSR-ComputerReferenceBL
    Value Object Description: "SYSVOL FRS Member Object"
    Recommended Action: Please See Knowledge Base Article Q312862
- FRS Service is disabled, DFS service is running, so it seems this DC
would like to use DFS for SYSVOL replication. dfsrmig /getmigrationstate
says the global state is "Eliminated" but the local state is "Starting".
- Using regedit, I see a key
SysVols\abc.com, with value "Parent Computer"="demotedsambadc.abc.com"
- Using DFS console, I see a SYSVOL replication set which is empty, i.e.
has no members.
I am currently focused on the DNS problems, as they prevent me from
correctly promoting the second DC.
Any help is appreciated.