Remember also that you do not have to do any seizing unless you have to
use outlook in your organization. This is only related to the
openchange portion which again is only for outlook interoperability and
web and thunderbird neither one require it.
The schema in microsoft can keep a copy of the global catalog on each dc
and I'm not sure why samba hasn't mimiced that function instead of
seizing. Which would actually fulfill the requirement openchange is
looking for and not muck around with Microsoft's infrastructure like it
presently does.
It seems the primary focus has been replacement and mimicing the forest
and not integration.
Steve
On 3/12/2014 11:05 PM, Ron Scott-Adams wrote:
*Seizing any roles from an SBS server is not supported.* Ever. Under
no circumstances should you ever transfer any domain services away
from an SBS box. Regardless of what samba documentation, /et al/ may
claim, this is always an incorrect action to take.
You cannot treat SBS as a typical domain controller, nor can you treat
an SBS forest as a typical forest. There are elements within SBS that
completely depend upon and expect all roles to be present at all
times. And of all roles to transfer, the schema role invites possibly
the most disaster, as SBS does not expect non-resident schema
modifications.
When you’re playing on Microsoft’s infrastructure, there are some MS
rules you have to follow. Not everything they mandate is merely a
“best practice” or without reason, and this is a prime example.
Now that I’m done ranting/scolding, what is the detailed message you
receive from ntdsutil? It may be helpful to up the logging level of
LDAP Interface Events and DS Schema in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
(start with a value of 2).
Also, you may consider a system state restore (you do back up your
system state frequently, I hope):
http://blogs.technet.com/b/sbs/archive/2011/03/31/how-to-perform-an-authoritative-system-state-restore-in-sbs-2008-2011-standard.aspx.
Note this will likely hose your samba instance and require some sort
of cleaning to realign it to reality, but SOGo should remain unscathed.
Good luck and such.
On Mar 12, 2014, at 5:14 PM, Patric Becker <p.bec...@britz-trier.de
<mailto:p.bec...@britz-trier.de>> wrote:
OK, monologue ;-),
I give it up! How should I transfer the Schema role from the sogo box
to my sbs?
I´ve tried it in Win with ntdsutil and on my linux with
samba-tool fsmo seize --role=schema
Where is my failure?? ;(
Thanks
Paddie
Patric Becker <p.bec...@britz-trier.de
<mailto:p.bec...@britz-trier.de>> hat am 12. März 2014 um 20:43
geschrieben:
OK, forget the last mail ;-). After I read a bit more I find out,
that the command worked. BUT if I test with
samba-tool fsmo show
it tells me, that schemamasterrole still is on the sogo box ;-(.
I will test a little more this evening. If i get it OK, if not i
give up on it.
Thanks
Paddie
Patric Becker <p.bec...@britz-trier.de
<mailto:p.bec...@britz-trier.de>> hat am 12. März 2014 um 19:51
geschrieben:
Many Thanks for your extensive answer. I´ve tried it this way a few
minutes ago. but when I want to seize it back to the SBS i get this
error
FSMO transfer of 'schema' role successful
ERROR: Failed to initiate role seize of 'schema' role: objectclass:
modify message must have elements/attributes!
I´ve googled a little and found this bugreport
https://bugzilla.samba.org/show_bug.cgi?id=9461
As I understand it correctly. I have to rebuild samba with this
Patch applied to get this working.
Thanks
Paddie
Steve Boley <st...@nams.net <mailto:st...@nams.net>> hat am 12.
März 2014 um 17:08 geschrieben:
You only need to move the global catalog the schema over to setup
openchange and then you can seize it back from the sbs system and
all would be well in active directory land. To simply join as 2nd
dc you do not have to seize any roles and the seizing is for
extending the exchange schema onto the active directory which
actually should be in place in sbs so you might have to just seize
the role so the global catalog is copied over and take it right
back and openchange might be happy just get ready for a lot of
google and debugging probably as this is not a simple task to get
it all working. I've put in a feature request for openchange to
check for the schema on a remote dc not the local one but that
might take a while to be added.
Steve
On 3/9/2014 8:37 AM, Patric Becker wrote:
Hi,
I want to join a SOGo-Box to an existing Domain with a Windows
SBS 2011 Essentials(!!!) Box.
I´ve asked this Question a few weeks before and get the hint to
copy/move the fsmo roles from the Windows to the SOGo Box BUT
after a few tries and a little more searching in the Web I found
out, that I CAN´T copy/move all fsmo Roles from an SBS Essential
Server to an other box.
My next Idea was to Use the SOGo Box as FIRST DC but the SBS
Essential Box couldn´t join a Network as second DC ;(.
Is there an other solution to use SOGo in this network??
Thanks
Paddie
PS: Sorry for starting an new Thread but I´m at home now and
write this with our Provider-webfronend. ;-).
PPS: The SBS Essential Box was there as I joined the Company ;).
I would never buy such crap...
--
users@sogo.nu
https://inverse.ca/sogo/lists
