[Samba] Samba 4 Does not join existing domain as additional DC - Refusing to replicate from a read-only repilca into a read-write replica

Mon, 07 Jan 2013 09:12:00 -0800 

Hello,

This behaviour may be of interest:
Attempting to join samba4.0 to an AD domain running a single 2008 R2 server. DNS is being provided by an existing bind 9 server. 

After command:

/usr/local/samba/bin/samba-tool domain join example.com DC -U Administrator  -W 
EXAMPLE --dns-backend=NONE


Process to add the DC failed at this point:
Refusing to replicate DC=DomainDnsZones,DC=example,DC=com from a read-only repilca into a read-write replica! Failed to convert object DC=DomainDnsZones,DC=inview,DC=local: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA 
Failed to convert objects: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
Join failed - cleaning up
In my test environment, I did some playing around and found that I could delete the troublesome namespaces using ntdsutil in partition management mode (see http://technet.microsoft.com/en-us/library/cc730970%28v=ws.10%29.aspx) 

ntdsutil delete nc DC=DomainDnsZones,DC=example,DC=com

and

ntdsutil delete nc DC=DomainDnsZones,DC=example,DC=com
(These naming contexts are recreated when DNS server is started on the Win 2008 server.) 

After doing that, I got when I attempt to add the DC:
Refusing to replicate DC=ForestDnsZones\0ADEL:e274cb7e-9b4d-4966-bc51-c4820808d9ba,DC=inview,DC=local from a read-only repilca into a read-write replica! Failed to convert object DC=ForestDnsZones\0ADEL:e274cb7e-9b4d-4966-bc51-c4820808d9ba,DC=inview,DC=local: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA 
Failed to convert objects: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
Join failed - cleaning up
This is because the objects still persist in AD but are tombstoned (hence the 0ADEL).
To try and get rid of them, I reduced the tombstone lifetime from 180 days to what I gather is the minimum of 3 days (using ADSI edit).
I found after 3 days (and AD garbage collection) I was able to add the DC successfully.
Has anyone else come across this? It could be some peculiarity on this particular domain. 

Thanks in advance.

Chris




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to