
Re: [Samba] Demoted/removed a DC, and the NS records?




Hi Marco,

Following:
	https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC

I've demoted and removed a DC. Seems all went as expected:

 root@vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it  -U gaio
 Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion
 Password for [LNFFVG\gaio]:
 Deactivating inbound replication
 Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize from us
 Changing userControl and container
 Removing Sysvol reference: CN=VDCUD1,CN=Enterprise,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
 Removing Sysvol reference: CN=VDCUD1,CN=ad.fvg.lnf.it,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
 Removing Sysvol reference: CN=VDCUD1,CN=Domain System Volumes (SYSVOL share),CN=File Replication Service,CN=System,DC=ad,DC=fvg,DC=lnf,DC=it
 Removing Sysvol reference: CN=VDCUD1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=ad,DC=fvg,DC=lnf,DC=it
 Demote successful

what version of Samba are you running? Recent versions do a much better job at DNS cleaning during demote.

I also advise you to run the demote on another DC than the one you are demoting (samba-tool domain demote --remove-other-dead-server=xxxxx). Running a demote on the server you are demoting feels awkward as it looks like you are sawing the branch you are sitting on.

Cheers,

Denis


Following the wiki, now I'm cleaning the DNS, because still:

 gaio@hermione:~$ dig ns ad.fvg.lnf.it @vdcsv1

 ; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> ns ad.fvg.lnf.it @vdcsv1
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29592
 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4096
 ;; QUESTION SECTION:
 ;ad.fvg.lnf.it.			IN	NS

 ;; ANSWER SECTION:
 ad.fvg.lnf.it.		900	IN	NS	vdcsv2.ad.fvg.lnf.it.
 ad.fvg.lnf.it.		900	IN	NS	vdcud1.ad.fvg.lnf.it.
 ad.fvg.lnf.it.		900	IN	NS	vdcpp1.ad.fvg.lnf.it.
 ad.fvg.lnf.it.		900	IN	NS	vdctms1.ad.fvg.lnf.it.
 ad.fvg.lnf.it.		900	IN	NS	vdcpp2.ad.fvg.lnf.it.
 ad.fvg.lnf.it.		900	IN	NS	vdc3t1.ad.fvg.lnf.it.
 ad.fvg.lnf.it.		900	IN	NS	vdcsv1.ad.fvg.lnf.it.

 ;; Query time: 0 msec
 ;; SERVER: 10.5.1.25#53(10.5.1.25)
 ;; WHEN: Fri Feb 15 12:05:24 CET 2019
 ;; MSG SIZE  rcvd: 190

I've removed some entries (mostly, the GUID alias), but it seems there's no
way to remove the NS record (right clicking it, there's no 'remove').

I need to click 'properties' and on the 'name server' tab, remove here?


Thanks.


--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil.it

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr

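
An added example (not part of the original message, and not Samba's own tooling): a check that compares the NS set returned by `dig ns` with the DCs still in service and prints any name-server targets left behind after a demote. `stale_ns` and `sample_dig` are hypothetical names, the sample is constructed from the dig answer quoted above, and the list of DCs still in service is an assumption.

```shell
#!/bin/sh
# Print NS targets from `dig ns <zone>` output that are not in the list of
# DCs still in service (short names or FQDNs, case-insensitive).
# Usage: dig ns ad.fvg.lnf.it @vdcsv1 | stale_ns vdcsv1 vdcsv2 ...
stale_ns() {
    live=$(printf '%s ' "$@" | tr '[:upper:]' '[:lower:]')
    awk -v live="$live" '
        BEGIN {
            n = split(live, a, " ")
            for (i = 1; i <= n; i++) keep[a[i]] = 1
        }
        /^[ \t]*;/ || NF < 5 { next }      # skip dig comments, question, blanks
        $4 == "NS" {
            host = tolower($5); sub(/\.$/, "", host)   # drop the trailing dot
            short = host; sub(/\..*/, "", short)       # first label only
            if (!(host in keep) && !(short in keep)) print host
        }
    '
}

# Constructed sample: answer section copied from the dig output in the thread.
sample_dig() {
    cat <<'EOF'
;; QUESTION SECTION:
;ad.fvg.lnf.it.            IN  NS

;; ANSWER SECTION:
ad.fvg.lnf.it.   900  IN  NS  vdcsv2.ad.fvg.lnf.it.
ad.fvg.lnf.it.   900  IN  NS  vdcud1.ad.fvg.lnf.it.
ad.fvg.lnf.it.   900  IN  NS  vdcpp1.ad.fvg.lnf.it.
ad.fvg.lnf.it.   900  IN  NS  vdctms1.ad.fvg.lnf.it.
ad.fvg.lnf.it.   900  IN  NS  vdcpp2.ad.fvg.lnf.it.
ad.fvg.lnf.it.   900  IN  NS  vdc3t1.ad.fvg.lnf.it.
ad.fvg.lnf.it.   900  IN  NS  vdcsv1.ad.fvg.lnf.it.
EOF
}

# Assumption: every DC in the answer except the demoted vdcud1 is still in service.
sample_dig | stale_ns vdcsv1 vdcsv2 vdcpp1 vdcpp2 vdctms1 vdc3t1
```

An empty result means every NS target in the answer belongs to a DC on the list; running it against each remaining DC shows whether the cleanup has replicated.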