Seizing any roles from an SBS server is not supported. Ever. Under no circumstances should you ever transfer any domain services away from an SBS box. Regardless of what samba documentation, et al may claim, this is always an incorrect action to take.
You cannot treat SBS as a typical domain controller, nor can you treat an SBS forest as a typical forest. There are elements within SBS that completely depend upon and expect all roles to be present at all times. And of all roles to transfer, the schema role invites possibly the most disaster, as SBS does not expect non-resident schema modifications. When you’re playing on Microsoft’s infrastructure, there are some MS rules you have to follow. Not everything they mandate is merely a “best practice” or without reason, and this is a prime example. Now that I’m done ranting/scolding, what is the detailed message you receive from ntdsutil? It may be helpful to up the logging level of LDAP Interface Events and DS Schema in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics (start with a value of 2). Also, you may consider a system state restore (you do back up your system state frequently, I hope): http://blogs.technet.com/b/sbs/archive/2011/03/31/how-to-perform-an-authoritative-system-state-restore-in-sbs-2008-2011-standard.aspx. Note this will likely hose your samba instance and require some sort of cleaning to realign it to reality, but SOGo should remain unscathed. Good luck and such. On Mar 12, 2014, at 5:14 PM, Patric Becker <[email protected]> wrote: > OK, monologue ;-), > > I give it up! How should I transfer the Schema role from the sogo box to my > sbs? > > I´ve tried it in Win with ntdsutil and on my linux with > > samba-tool fsmo seize --role=schema > > Where is my failure?? ;( > > Thanks > > Paddie > >> Patric Becker <[email protected]> hat am 12. März 2014 um 20:43 >> geschrieben: >> >> OK, forget the last mail ;-). After I read a bit more I find out, that the >> command worked. BUT if I test with >> >> samba-tool fsmo show >> >> it tells me, that schemamasterrole still is on the sogo box ;-(. >> >> I will test a little more this evening. If i get it OK, if not i give up on >> it. >> >> Thanks >> >> Paddie >>> Patric Becker <[email protected]> hat am 12. März 2014 um 19:51 >>> geschrieben: >>> >>> Many Thanks for your extensive answer. I´ve tried it this way a few minutes >>> ago. but when I want to seize it back to the SBS i get this error >>> >>> FSMO transfer of 'schema' role successful >>> ERROR: Failed to initiate role seize of 'schema' role: objectclass: modify >>> message must have elements/attributes! >>> I´ve googled a little and found this bugreport >>> >>> https://bugzilla.samba.org/show_bug.cgi?id=9461 >>> >>> As I understand it correctly. I have to rebuild samba with this Patch >>> applied to get this working. >>> >>> Thanks >>> >>> Paddie >>> >>>> Steve Boley <[email protected]> hat am 12. März 2014 um 17:08 geschrieben: >>>> >>>> You only need to move the global catalog the schema over to setup >>>> openchange and then you can seize it back from the sbs system and all >>>> would be well in active directory land. To simply join as 2nd dc you do >>>> not have to seize any roles and the seizing is for extending the exchange >>>> schema onto the active directory which actually should be in place in sbs >>>> so you might have to just seize the role so the global catalog is copied >>>> over and take it right back and openchange might be happy just get ready >>>> for a lot of google and debugging probably as this is not a simple task to >>>> get it all working. I've put in a feature request for openchange to check >>>> for the schema on a remote dc not the local one but that might take a >>>> while to be added. >>>> Steve >>>> On 3/9/2014 8:37 AM, Patric Becker wrote: >>>>> Hi, >>>>> >>>>> I want to join a SOGo-Box to an existing Domain with a Windows SBS 2011 >>>>> Essentials(!!!) Box. >>>>> >>>>> I´ve asked this Question a few weeks before and get the hint to copy/move >>>>> the fsmo roles from the Windows to the SOGo Box BUT after a few tries and >>>>> a little more searching in the Web I found out, that I CAN´T copy/move >>>>> all fsmo Roles from an SBS Essential Server to an other box. >>>>> >>>>> My next Idea was to Use the SOGo Box as FIRST DC but the SBS Essential >>>>> Box couldn´t join a Network as second DC ;(. >>>>> >>>>> Is there an other solution to use SOGo in this network?? >>>>> >>>>> Thanks >>>>> >>>>> Paddie >>>>> >>>>> PS: Sorry for starting an new Thread but I´m at home now and write this >>>>> with our Provider-webfronend. ;-). >>>>> >>>>> PPS: The SBS Essential Box was there as I joined the Company ;). I would >>>>> never buy such crap... >>> >>> >> >> > > -- [email protected] https://inverse.ca/sogo/lists
