[Samba] samba4 anonymous ldap search
I'm using Version 4.1.0pre1-GIT-e4218e4 samba4 server. It nicely allows anonymous ldap searches; the latest versions do not allow that. I have followed Microsoft's kb326690 and kb320528 guides, but they do not seem to help.

Is the anonymous ldap possible anymore?

regards Hannu
Re: [Samba] Samba ADDS DC krb5 and samba_nsupdate
OK, now I tried to join again and I saw these messages:

descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=*,DC=de not found under DC=*,DC=de
descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=*,DC=de not found under DC=*,DC=de
Unable to find group id for BIND, set permissions to sam.ldb* files manually
Unable to find group id for BIND, set permissions to sam.ldb* files manually

bind is running as user root

hope to get help
Felipe

-Original message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Felipe
Sent: Wednesday, 02 January 2013 2:55
To: samba@lists.samba.org
Subject: [Samba] Samba ADDS DC krb5 and samba_nsupdate

Hello

I tried on two vms on my vmware Workstation to use samba as DC. I want to use BIND for the dns system. Joining the domain worked successfully after I recompiled bind. It seems the zones are the same but Samba isn't in the ns-record.

If I run dcpromo.exe I get this error message: This Active Directory DC is the last dns-server for the AD-zones. If I remove the DC the dns-names can't be resolved any more.

Also Exchange doesn't find the DC.

If I type kinit administrator I didn't get an answer:

root@linux:~# kinit administrator
Password for administra...@dncom.de:
root@linux:~#

samba-tool drs showrepl has no errors for the replication, but at the end:

Connection --
Connection name: b1449b55-6603-4b33-abe2-6d78071a5d76
Enabled: TRUE
Server DNS name : QC2NDOHUS2B.dncom.de
Server DN name : CN=NTDS Settings,CN=QC2NDOHUS2B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dncom,DC=de
TransportType: RPC
options: 0x0001
Warning: No NC replicated for Connection!
[Samba] Samba ADDS DC krb5 and samba_nsupdate
Hello

I tried on two vms on my vmware Workstation to use samba as DC. I want to use BIND for the dns system. Joining the domain worked successfully after I recompiled bind. It seems the zones are the same but Samba isn't in the ns-record.

If I run dcpromo.exe I get this error message: This Active Directory DC is the last dns-server for the AD-zones. If I remove the DC the dns-names can't be resolved any more.

Also Exchange doesn't find the DC.

If I type kinit administrator I didn't get an answer:

root@linux:~# kinit administrator
Password for administra...@dncom.de:
root@linux:~#

samba-tool drs showrepl has no errors for the replication, but at the end:

Connection --
Connection name: b1449b55-6603-4b33-abe2-6d78071a5d76
Enabled: TRUE
Server DNS name : QC2NDOHUS2B.dncom.de
Server DN name : CN=NTDS Settings,CN=QC2NDOHUS2B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dncom,DC=de
TransportType: RPC
options: 0x0001
Warning: No NC replicated for Connection!

samba_dnsupdate --verbose --all-names also makes problems:

IPs: ['fe80::20c:29ff:fe65:b90e%eth0', '172.16.128.120']
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC
Calling nsupdate for A dncom.de 172.16.128.120
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for A linux.dncom.de 172.16.128.120
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
linux.dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for A gc._msdcs.dncom.de 172.16.128.120
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for CNAME f5b7a286-234e-4007-8c53-8686c259ed61._msdcs.dncom.de linux.dncom.de
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
f5b7a286-234e-4007-8c53-8686c259ed61._msdcs.dncom.de. 900 IN CNAME linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kpasswd._tcp.dncom.de linux.dncom.de 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.dncom.de. 900 IN SRV 0 100 464 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kpasswd._udp.dncom.de linux.dncom.de 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.dncom.de. 900 IN SRV 0 100 464 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.default-first-site-name._sites.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.default-fi
[Samba] Windows Authentication
Greetings Samba:

I thought I knew something about servers and networks but Samba has me stumped...

I built a clean Fedora 17 server, disabled the firewall and then followed install instructions from http://www.howtoforge.com/fedora-17-samba-standalone-server-with-tdbsam-backend. When I try to connect I receive the windows security (login) screen but no matter what I do, I never connect. I am on the same network, have tried, verified my workgroups match, but do not see samba on the browser and cannot get map to drive to get past UID and PW. I have tried host name and IP address for domain portion.

Any suggestions on where to look next?

Gerald
Re: [Samba] (Trying) to understand Print properties saving
I have a similar issue with an Ubuntu 12.04 based system, not sure of Samba version, but it keeps changing default paper to Postscript custom which seems almost square. I change it in windows and apply and it always reverts to postscript custom again.

On Tue, Jan 1, 2013 at 5:01 PM, Alessandro Dentella wrote:
>
> Hi,
>
> some weeks ago I wrote to this list about a problem I have saving print
> properties (samba 3.4.7 - ubuntu-lucid + XP-pro)
>
> I never managed to solve it, I also tried with samba 3.6+ (Ubuntu precise)
> but had other problems I wrote about in this list ending opening a bug
> [1].
>
> Now I had to go back to my 3.4.7 installation. I'd like at least to better
> understand how print properties work so that I can cope better with the
> situation.
>
> In my setup the drivers are distributed by the server, clients do realize
> they need the driver and server correctly serves them, the problem is that
> the page format is always set to 'letter' rather than 'A4'. I have roaming
> profiles.
>
> I really need to fix this even through some workaround.
>
> Can someone tell me which are the components that store the print
> properties? If this is already explained somewhere, please give me the URL,
> I wasn't able to find it.
>
> 1. If I browse \\server\(server and fax) and I configure properties, where
>    are the changes saved?
>
> 2. When an end user configures the printer where should the properties
>    go (I have roaming profiles)? In the profile? in a registry?
>
> 3. If the domain/local Administrator changes the properties in the printer
>    on the client via settings | printers how does that change relate to
>    settings in 1 and 2?
>
> 4. In a working setup, is there a way to force the paper format *after* a
>    user has already logged in and changed the properties?
>
> thanks in advance for any explanation
> thanks
>
> sandro
> *:-)
>
> [1] https://bugzilla.samba.org/show_bug.cgi?id=9468
>
> --
> Sandro Dentella *:-)
> http://www.reteisi.org Free solutions for schools
> http://sqlkit.argolinux.org SQLkit home page - PyGTK/python/sqlalchemy
[Samba] (Trying) to understand Print properties saving
Hi,

some weeks ago I wrote to this list about a problem I have saving print properties (samba 3.4.7 - ubuntu-lucid + XP-pro)

I never managed to solve it, I also tried with samba 3.6+ (Ubuntu precise) but had other problems I wrote about in this list ending opening a bug [1].

Now I had to go back to my 3.4.7 installation. I'd like at least to better understand how print properties work so that I can cope better with the situation.

In my setup the drivers are distributed by the server, clients do realize they need the driver and server correctly serves them, the problem is that the page format is always set to 'letter' rather than 'A4'. I have roaming profiles.

I really need to fix this even through some workaround.

Can someone tell me which are the components that store the print properties? If this is already explained somewhere, please give me the URL, I wasn't able to find it.

1. If I browse \\server\(server and fax) and I configure properties, where are the changes saved?

2. When an end user configures the printer where should the properties go (I have roaming profiles)? In the profile? in a registry?

3. If the domain/local Administrator changes the properties in the printer on the client via settings | printers how does that change relate to settings in 1 and 2?

4. In a working setup, is there a way to force the paper format *after* a user has already logged in and changed the properties?

thanks in advance for any explanation
thanks

sandro
*:-)

[1] https://bugzilla.samba.org/show_bug.cgi?id=9468

--
Sandro Dentella *:-)
http://www.reteisi.org Free solutions for schools
http://sqlkit.argolinux.org SQLkit home page - PyGTK/python/sqlalchemy
Re: [Samba] Core dump trying to join domain on FreeBSD
* Christian Ullrich wrote:
> * Andrew Bartlett wrote:
>> The error certainly does seem to be coming from Heimdal - that error string only exists in Heimdal, not in Samba.
>
> I thought so, too, but I hoped there might have been other instances of this in connection with Samba.
>
>> If you can run it under valgrind, we might get more of a hint as to why there is invalid memory (I can't think of any other reason why this might fail - a checksum doesn't really fail like this even in 'failure' modes).
>
> The attached log is from valgrind without any options. I find it interesting that valgrind produces a valid backtrace, but even the core dump it wrote shows only as garbage in gdb.
>
> As usually happens to me, I found a workaround immediately after asking for help, so this is not as terribly important to me anymore as it was yesterday. I had the problem in an x86 environment; it turns out that it works fine on an amd64 system.

Not so. It fails just the same when Samba is built against the FreeBSD port version of Heimdal (1.5.2) rather than the version in the base system (1.1.0 iirc).

I will ask for help from the Heimdal people next.

--
Christian
Re: [Samba] Samba4 AD DC Sites / Rename Default-First-Site-Name and internal DNS
On 30.12.2012 02:03, Andrew Bartlett wrote:
> On Sat, 2012-12-29 at 13:38 +0100, Achim Gottinger wrote:
>> _ldap._tcp.Default-First-Site-Name._sites.gsg.local SRV site1.gsg.local
>> _kerberos._tcp.Default-First-Site-Name._sites.gsg.local SRV site1.gsg.local
>> _gc._tcp.Default-First-Site-Name._sites.gsg.local SRV site1.gsg.local
>> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.gsg.local SRV site1.gsg.local
>> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.gsg.local SRV site1.gsg.local
>> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.gsg.local SRV site1.gsg.local
>>
>> So there are no more (visible) entries left in
>> Default-First-Site-Name._sites.gsg.local
>> Default-First-Site-Name._sites.gc._msdcs.gsg.local
>> Default-First-Site-Name._sites.dc._msdcs.gsg.local
>>
>> But the structure remains and cannot be deleted (things like _tcp.Default-First-Site-Name._sites.gsg.local).
>> Things still seem to work at both sites but I'm curious if these leftovers can be completely removed.
>
> As you have noticed, we are very good at adding DNS records, but never remove the old ones. What you have done seems reasonable, if you have renamed the site, removing the remaining DNS references seems entirely reasonable.
>
> Please file a bug about the left-behind DNS stuff, we really should clean that up.
>
> Andrew Bartlett

Well, after some time and samba restarts the leftover structure elements had disappeared. I had to remove two records with samba-tools because they could not be accessed from the MS DNS Snapin.

samba-tool dns delete localhost gsg.local "_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.gsg.local" SRV "server-site1.gsg.local. 389 0 100"
samba-tool dns delete localhost gsg.local "_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.gsg.local" SRV "server-site1.gsg.local. 389 0 100"

Afterwards all appearances of Default-First-Site-Name disappeared.

There remains however still an issue with the site dependent SRV records on a server. If a server is moved to another site or a site gets renamed, the old SRV records for that server/site remain.

Achim Gottinger
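The leftover-record issue described in the message above can be audited offline. This is an added example, not code from the thread or from Samba: `find_stale` and `delete_command` are hypothetical helpers, the record list and site map are constructed sample data using the thread's host names, and it assumes a DC only publishes site records for the site it is placed in.

```python
import re

# Site-scoped SRV owner names look like
#   _ldap._tcp.<site>._sites.<rest of name>
SITE_OWNER = re.compile(r"^_[a-z]+\._(?:tcp|udp)\.([^.]+)\._sites\.", re.IGNORECASE)


def parse_srv(line):
    """Parse 'owner SRV priority weight port target' (zone-listing order)."""
    fields = line.split()
    if len(fields) != 6 or fields[1].upper() != "SRV":
        raise ValueError("not an SRV line: %r" % line)
    owner, _, priority, weight, port, target = fields
    return {
        "owner": owner.rstrip("."),
        "priority": int(priority),
        "weight": int(weight),
        "port": int(port),
        "target": target.rstrip(".").lower(),
    }


def find_stale(lines, site_members):
    """Return (record, reason) pairs for site-scoped SRV records that no
    longer match the directory. site_members maps each current site name
    to the set of DC host names placed in it (assumption: no site-coverage
    registrations for sites without their own DC)."""
    sites = {name.lower(): {h.lower() for h in hosts}
             for name, hosts in site_members.items()}
    stale = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_srv(line)
        match = SITE_OWNER.match(rec["owner"])
        if not match:
            continue  # not site-scoped, e.g. _ldap._tcp.gsg.local
        site = match.group(1).lower()
        if site not in sites:
            stale.append((rec, "site no longer exists"))
        elif rec["target"] not in sites[site]:
            stale.append((rec, "target is not in this site"))
    return stale


def delete_command(rec, server, zone):
    """Format the samba-tool call used in the thread; the SRV data order
    there is 'target. port priority weight'. Review before running."""
    data = "%s. %d %d %d" % (rec["target"], rec["port"],
                             rec["priority"], rec["weight"])
    return 'samba-tool dns delete %s %s "%s" SRV "%s"' % (
        server, zone, rec["owner"], data)


# Constructed sample: Default-First-Site-Name was renamed to site1 and
# server-site2 was moved into site2, but old records were left behind.
SAMPLE = """
_ldap._tcp.gsg.local SRV 0 100 389 server-site1.gsg.local
_ldap._tcp.site1._sites.gsg.local SRV 0 100 389 server-site1.gsg.local
_ldap._tcp.site2._sites.gsg.local SRV 0 100 389 server-site2.gsg.local
_ldap._tcp.Default-First-Site-Name._sites.gsg.local SRV 0 100 389 server-site1.gsg.local
_kerberos._tcp.site1._sites.gsg.local SRV 0 100 88 server-site2.gsg.local
""".splitlines()

SITES = {"site1": {"server-site1.gsg.local"},
         "site2": {"server-site2.gsg.local"}}

if __name__ == "__main__":
    for rec, reason in find_stale(SAMPLE, SITES):
        print("%s: %s" % (reason, delete_command(rec, "localhost", "gsg.local")))
```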
Re: [Samba] Samba4 AD DC Sites / Rename Default-First-Site-Name and internal DNS
On 31.12.2012 18:26, Rob Townley wrote:
> MS ADS utilities would demand restoring from backups for deleting dns records.
>
> Assuming you are trying to have two different sites in the same domain, you would not want to delete DNS records at all, but change the dns SRV record such that the remote site has a lower priority (higher number) and the local site has a better priority (lower number). In many computer systems, higher priority is represented by a lower number. Zero is often the highest priority.
>
> Weight is different than priority. More weight is represented by a higher number. You may want to leave weight alone because rfc2782 says WEIGHT zero is a special case. rfc2782 is a little confusing as to what weight zero implies. It also states the order of ResourceRecords returned matters in the selection process. Details are in the URLs below. I would recommend reading about PRIORITY and WEIGHT in 2782.
>
> http://en.wikipedia.org/wiki/SRV_record
> http://tools.ietf.org/html/rfc2782

Thank you for the explanation. I redid the site creation and renaming once again, this time I did not touch any DNS entry.

1. After the creation of the first DC

LDAP:
dn: DC=gsg,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local
msDs-masteredBy: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local
msDS-IsDomainFor: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local
masteredBy: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local

dn: CN=Infrastructure,DC=gsg,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local

dn: CN=RID Manager$,CN=System,DC=gsg,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local

dn: CN=SERVER-SITE1,OU=Domain Controllers,DC=gsg,DC=local
serverReferenceBL: CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local

DNS: gsg.local
_gc._tcp SRV 0 100 3268 server-site1.gsg.local
_kerberos._tcp SRV 0 100 88 server-site1.gsg.local
_kpasswd._tcp SRV 0 100 464 server-site1.gsg.local
_ldap._tcp SRV 0 100 389 server-site1.gsg.local
_kerberos._udp SRV 0 100 88 server-site1.gsg.local
_kpasswd._udp SRV 0 100 464 server-site1.gsg.local
_ldap._tcp.DomainDnsZones SRV 0 100 389 server-site1.gsg.local
_ldap._tcp.ForestDnsZones SRV 0 100 389 server-site1.gsg.local
_gc._tcp.Default-First-Site-Name._sites SRV 0 100 3268 server-site1.gsg.local
_kerberos._tcp.Default-First-Site-Name._sites SRV 0 100 88 server-site1.gsg.local
_ldap._tcp.Default-First-Site-Name._sites SRV 0 100 389 server-site1.gsg.local
_ldap._tcp.Default-First-Site-Name._site.DomainDnsZones SRV 0 100 389 server-site1.gsg.local
_ldap._tcp.Default-First-Site-Name._site.ForestDnsZones SRV 0 100 389 server-site1.gsg.local

DNS: _msdc.gsg.local
_kerberos._tcp.dc SRV 0 100 88 server-site1.gsg.local
_ldap._tcp.dc SRV 0 100 389 server-site1.gsg.local
_ldap._tcp.gc SRV 0 100 3268 server-site1.gsg.local
_ldap._tcp.pdc SRV 0 100 389 server-site1.gsg.local
_ldap._tcp.[DOMAIN ID].domains SRV 0 100 389 server-site1.gsg.local
_kerberos._tcp.Default-First-Site-Name._sites.dc SRV 0 100 88 server-site1.gsg.local
_ldap._tcp.Default-First-Site-Name._sites.dc SRV 0 100 389 server-site1.gsg.local
_ldap._tcp.Default-First-Site-Name._sites.gc SRV 0 100 3268 server-site1.gsg.local

2. Join server-site2, create site2 and move server-site2 into site2, assign subnets to both sites.

LDAP:
dn: DC=gsg,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local
msDs-masteredBy: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local
msDS-IsDomainFor: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local
masteredBy: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local
msDs-masteredBy: CN=NTDS Settings,CN=SERVER-SITE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local
msDS-IsDomainFor: CN=NTDS Settings,CN=SERVER-SITE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local
masteredBy: CN=NTDS Settings,CN=SERVER-SITE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local

dn: CN=Infrastructure,DC=gsg,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=SERVER-SITE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gsg,DC=local

dn: CN=RID Manager$,CN=System,DC=gsg,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=SERVER
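The SRV priority and weight rules discussed in the quoted reply above, worked through as an added example (not part of the original messages or of Samba). `order_srv` is a hypothetical helper that follows the RFC 2782 selection procedure; the priorities 0 and 10 and the `dc-a`/`dc-b` hosts are constructed sample values.

```python
import random


def order_srv(records, rng=None):
    """Return records in the order an RFC 2782 client would try them.

    records: iterable of (priority, weight, port, target) tuples.
    rng: object with randint(a, b); defaults to a fresh random.Random().
    """
    if rng is None:
        rng = random.Random()
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec[0], []).append(rec)

    ordered = []
    # The lowest priority number is contacted first; higher numbers are
    # only used when every lower-numbered target is unreachable.
    for priority in sorted(by_priority):
        # Weight-0 records are placed at the front of the candidate list,
        # so one is picked only when the random draw is exactly 0.
        pool = sorted(by_priority[priority], key=lambda r: r[1] != 0)
        while pool:
            total = sum(r[1] for r in pool)
            draw = rng.randint(0, total)  # inclusive on both ends
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= draw:
                    ordered.append(pool.pop(i))
                    break
    return ordered


def first_choice_share(records, target, trials, seed):
    """Fraction of trials in which `target` is the first server tried."""
    rng = random.Random(seed)
    hits = sum(order_srv(records, rng)[0][3] == target for _ in range(trials))
    return hits / trials


# Constructed sample: local site preferred (priority 0), remote site as
# fallback (priority 10), as suggested in the quoted reply.
SITE_RECORDS = [
    (10, 100, 389, "server-site2.gsg.local"),
    (0, 100, 389, "server-site1.gsg.local"),
]

# Constructed sample: same priority, one record with weight 0.
WEIGHTED = [
    (0, 100, 389, "dc-b.gsg.local"),
    (0, 0, 389, "dc-a.gsg.local"),
]

if __name__ == "__main__":
    print([r[3] for r in order_srv(SITE_RECORDS)])
    print(first_choice_share(WEIGHTED, "dc-a.gsg.local", 5000, seed=7))
```

Within one priority, a weight-0 record is still selectable, but only with probability 1/(sum of weights + 1) on the first draw; it is a rarely used target, not a disabled one.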