Hi Peter, I am unable to demote windows DC, i get always error when demoting windows AD on ForestDNSzones and DomainDNSzones, i have tried a lot of things.
Raise forest level, keep at 2003, add samba to nameservers,etc... What i can see is that if i create a new samba4 as primary root domain and then add windows AD i have no problems. But my objective is to migrate current windows domain to samba4 and not the opposite. On Sat, Feb 23, 2013 at 8:49 PM, Peter Beck <[email protected]> wrote: > Hi guys, > > I did some more testing: > > --- Scenario 1: > > Server 2003 with Forest Operation Level 'Windows 2000' and domain > operation Level 'Windows 2000 mixed' (which seems to be the default when > setting up Server 2003): > > After joining Samba4 to the domain I was unable to raise the level. > Samba-tool just had an error, when trying to showing the levels: > > ERROR: Could not retrieve the actual domain, forest level and/or > lowest DC function level! > > And on the Windows DC the only change that was possible was to raise up > the domain operating level to "Windows 2000 native". No other changes > were possible [cannot raise ...because this domain includes domain > controllers that are not running the appropriate version of Windows] > > I also got issues with replicate: > > samba-tool drs replicate lab07 lab03 dc=domaindnszones,dc=adlab,dc=local > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - > drsException: DsReplicaSync failed (8440, 'WERR_DS_DRA_BAD_NC') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 331, in > run > drs_utils.sendDsReplicaSync(self.drsuapi, > self.drsuapi_handle,source_dsa_guid, NC, req_options) > File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in > sendDsReplicaSync > raise drsException("DsReplicaSync failed %s" % estr) > > with option --local: > samba-tool drs replicate lab07 lab03 > dc=domaindnszones,dc=adlab,dc=local --local > Partition[dc=domaindnszones,dc=adlab,dc=local] objects[26] > linked_values[0] > > the same behaviour with forestdnszones. > > --- Scenario 2: > > Then the same setup again, but _before_ joining Samba, the Domain > and Forest level were raised up to 2003. After joining the samba server, > the levels were shown without issues: > > samba-tool was able to list the levels: > > Domain and forest function level for domain 'DC=adlab,DC=local' > Forest function level: (Windows) 2003 > Domain function level: (Windows) 2003 > Lowest function level of a DC: (Windows) 2003 > > Also replicating seems (after restart of samba) to work successfull > (with all its options like full-sync, local,etc): > > samba-tool drs replicate lab07 lab03 dc=domaindnszones,dc=adlab,dc=local > Replicate from lab03 to lab07 was successful. > samba-tool drs replicate lab07 lab03 dc=forestdnszones,dc=adlab,dc=local > Replicate from lab03 to lab07 was successful. > > I was able do demote the Windows server like the times before. > > My conclusion is to ensure the forest and domain operating levels > _before_ joining the Samba server to the domain and do not hurry with > replacing to ensure the replication was done completely prevents from > lots of issues and headache... > > I think the next test will be with Server 2008... > > Regards > Peter > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- Cumprimentos, Sérgio Machado -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
