[Samba] Demote Win2008R2 DC Fail

Discussion:

Anderson Hoffmann do Carmo

2016-07-11 18:26:16 UTC

Hi.

I am using a Windows Server 2008R2 as primary DC and a Ubuntu Server 16.04
as secundary DC with Samba 4.3.9 (from repository/apt-get)
I am transfered FSMO rules to Samba and I am try to demote Windows, but
fail!
The error is:

The operation failed:
The active directory domain services could not find another domain
controller to transfer the remaining data on the partition
DC=DomainDnsZones,DC=testead,DC=minhaempresa,DC=com
"the specified domain does not exist or can not be contacted"

Any ideia?

The Samba DC it's OK and operational

Anderson Hoffmann

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Anderson Hoffmann do Carmo

2016-07-11 19:04:02 UTC

Permalink

I am transfer using 'samba-tool fsmo transfer --role=all
I am try demote Windows using DCPROMO.EXE on Windows Server
The output of command, no errors. (CN=GTESTE2 = Samba DC)

***@gteste2:/anderson#
***@gteste2:/anderson# *samba-tool fsmo show*
SchemaMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
***@gteste2:/anderson#

Thanks,

Anderson Hoffmann

Post by Anderson Hoffmann do Carmo
Hi.
I am using a Windows Server 2008R2 as primary DC and a Ubuntu Server 16.04
as secundary DC with Samba 4.3.9 (from repository/apt-get)
I am transfered FSMO rules to Samba and I am try to demote Windows, but
fail!

How did you transfer the FSMO roles ?
What 'tool' did you use ?

Post by Anderson Hoffmann do Carmo
The active directory domain services could not find another domain
controller to transfer the remaining data on the partition
DC=DomainDnsZones,DC=testead,DC=minhaempresa,DC=com
"the specified domain does not exist or can not be contacted"

Have you tried running 'samba-tool fsmo show' in a terminal on the Samba
DC ?
If so, does it show all 7 FSMO role owners or does it end with an error
message ?
Rowland
Any ideia?

Post by Anderson Hoffmann do Carmo
The Samba DC it's OK and operational
Anderson Hoffmann

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Jason Waters

2016-07-11 19:13:14 UTC

Permalink

So you transfer all the fsmo roles and then when you are running dcpromo on
the 2008 DC it fails, correct?

On Mon, Jul 11, 2016 at 3:04 PM, Anderson Hoffmann do Carmo <

Post by Anderson Hoffmann do Carmo
I am transfer using 'samba-tool fsmo transfer --role=all
I am try demote Windows using DCPROMO.EXE on Windows Server
The output of command, no errors. (CN=GTESTE2 = Samba DC)
SchemaMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
Thanks,
Anderson Hoffmann

Post by Anderson Hoffmann do Carmo
Hi.
I am using a Windows Server 2008R2 as primary DC and a Ubuntu Server

16.04

Post by Anderson Hoffmann do Carmo
as secundary DC with Samba 4.3.9 (from repository/apt-get)
I am transfered FSMO rules to Samba and I am try to demote Windows, but
fail!

How did you transfer the FSMO roles ?
What 'tool' did you use ?

Have you tried running 'samba-tool fsmo show' in a terminal on the Samba
DC ?
If so, does it show all 7 FSMO role owners or does it end with an error
message ?
Rowland
Any ideia?

Post by Anderson Hoffmann do Carmo
The Samba DC it's OK and operational
Anderson Hoffmann

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Anderson Hoffmann do Carmo

2016-07-11 19:15:57 UTC

Permalink

Yes! exactly

Anderson Hoffmann

Post by Jason Waters
So you transfer all the fsmo roles and then when you are running dcpromo
on the 2008 DC it fails, correct?
On Mon, Jul 11, 2016 at 3:04 PM, Anderson Hoffmann do Carmo <

Post by Anderson Hoffmann do Carmo
Hi.
I am using a Windows Server 2008R2 as primary DC and a Ubuntu Server

16.04

Post by Anderson Hoffmann do Carmo
as secundary DC with Samba 4.3.9 (from repository/apt-get)
I am transfered FSMO rules to Samba and I am try to demote Windows, but
fail!

How did you transfer the FSMO roles ?
What 'tool' did you use ?

Have you tried running 'samba-tool fsmo show' in a terminal on the Samba
DC ?
If so, does it show all 7 FSMO role owners or does it end with an error
message ?
Rowland
Any ideia?

Post by Anderson Hoffmann do Carmo
The Samba DC it's OK and operational
Anderson Hoffmann

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Jason Waters

2016-07-11 19:40:41 UTC

Permalink

I had to use dcpromo /forceremoval because I had the same error message.
Then I did the metadata cleanup and removed your windows 2008 DC. You can
run that from any machine joined to the domain.

On Mon, Jul 11, 2016 at 3:15 PM, Anderson Hoffmann do Carmo <

Post by Anderson Hoffmann do Carmo
Yes! exactly
Anderson Hoffmann

Post by Jason Waters
So you transfer all the fsmo roles and then when you are running dcpromo
on the 2008 DC it fails, correct?
On Mon, Jul 11, 2016 at 3:04 PM, Anderson Hoffmann do Carmo <

Post by Anderson Hoffmann do Carmo
Hi.
I am using a Windows Server 2008R2 as primary DC and a Ubuntu Server

16.04

Post by Anderson Hoffmann do Carmo
as secundary DC with Samba 4.3.9 (from repository/apt-get)
I am transfered FSMO rules to Samba and I am try to demote Windows,

but

Post by Anderson Hoffmann do Carmo
fail!

How did you transfer the FSMO roles ?
What 'tool' did you use ?

Have you tried running 'samba-tool fsmo show' in a terminal on the

Samba

DC ?
If so, does it show all 7 FSMO role owners or does it end with an error
message ?
Rowland
Any ideia?

Post by Anderson Hoffmann do Carmo
The Samba DC it's OK and operational
Anderson Hoffmann

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Jason Waters

2016-07-11 20:06:04 UTC

Permalink

It did show that he had all 7 but that is a good point. I would shutdown
the 2008 server and make sure users can login, etc....

Post by Anderson Hoffmann do Carmo
I am transfer using 'samba-tool fsmo transfer --role=all

Unless you added '-UAdministrator --password=PASSWORD' to the above
command (or another user will the required permissions), you wouldn't have
transferred the DNS roles.
I am try demote Windows using DCPROMO.EXE on Windows Server
Have you tried (once you are sure all 7 FSMO roles have been transferred)
turning off the windows server and then running 'samba-tool domain demote
--remove-other-dead-server=REMOVE_OTHER_DEAD_SERVER -UAdministrator
--password=PASSWORD'.
Before doing any of the above, I would check if everything is ok in the AD
on your Samba 4 AD DC.
You also didn't say if 'samba-tool fsmo show' shows all your 7 FSMO roles
without errors.
Rowland
The output of command, no errors. (CN=GTESTE2 = Samba DC)

Post by Anderson Hoffmann do Carmo
SchemaMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
Thanks,
Anderson Hoffmann
Hi.
I am using a Windows Server 2008R2 as primary DC and a Ubuntu
Server 16.04
as secundary DC with Samba 4.3.9 (from repository/apt-get)
I am transfered FSMO rules to Samba and I am try to demote Windows, but
fail!
How did you transfer the FSMO roles ?
What 'tool' did you use ?
The active directory domain services could not find another domain
controller to transfer the remaining data on the partition
DC=DomainDnsZones,DC=testead,DC=minhaempresa,DC=com
"the specified domain does not exist or can not be contacted"
Have you tried running 'samba-tool fsmo show' in a terminal on the
Samba DC ?
If so, does it show all 7 FSMO role owners or does it end with an
error message ?
Rowland
Any ideia?
The Samba DC it's OK and operational
Anderson Hoffmann
-- To unsubscribe from this list go to the following URL and read
the
instructions: https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Jason Waters

2016-07-11 20:38:38 UTC

Permalink

Didn't his second email show the output of fsmo show? Which showed all 7
roles. But you are correct, making sure things are actually there before
he kills the old one is best!

Post by Jason Waters
It did show that he had all 7 but that is a good point. I would shutdown
the 2008 server and make sure users can login, etc....

I haven't seen the OP saying that the Samba DC is showing all the 7 FSMO
roles and I would like to know. I need to know what, if anything, is
different on an AD DC, DNS wise.
Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Jason Waters

2016-07-12 12:19:13 UTC

Permalink

Do you want to keep this 2008 machine in the mix? Or are you looking to
move everything to samba?

Post by Jason Waters
Didn't his second email show the output of fsmo show? Which showed all
7 roles. But you are correct, making sure things are actually there before
he kills the old one is best!
It did show that he had all 7 but that is a good point. I
would shutdown the 2008 server and make sure users can login,
etc....
I haven't seen the OP saying that the Samba DC is showing all
the 7 FSMO roles and I would like to know. I need to know what, if
anything, is different on an AD DC, DNS wise.
Rowland

Rats, I sometimes hate Thunderbird, it was hidden by a 'show quoted
text', yes it does look like his Samba DC has all the FSMO roles, provided
his Samba DC is called 'GTESTE2'
Rowland

OK, I did a bit of googling and it seems that this is not just a Samba
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/b1af276f-1a12-4a78-8ea3-f49ab04844ea/the-directory-service-is-missing-mandatory-configuration-information-and-is-unable-to-determine-the?forum=winserverDS
Read right to the bottom, I think the answer is there.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Jason Waters

2016-07-12 12:22:20 UTC

Permalink

I tried that fix and it did not work for me, but I do think I was in 2003
trying to do it. People were having issues using edsiedit to change that
entry. The only entries that I was able to put in there was blank or or
the machine I was on. I tried using ntsdutil.exe and was able to use it to
change to the same two entries, not the new role owner!

Post by Jason Waters
Do you want to keep this 2008 machine in the mix? Or are you looking to
move everything to samba?

Rats, I sometimes hate Thunderbird, it was hidden by a 'show quoted
text', yes it does look like his Samba DC has all the FSMO roles, provided
his Samba DC is called 'GTESTE2'
Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Jason Waters

2016-07-12 12:33:59 UTC

Permalink

This is what I would do.

1. Make sure everything is off of the 2008 machine so you don't need to
turn it back on
2. Shut down the 2008 machine
2.5 Update your DNS on the samba machine to be the samba machine, not the
2008 DC
3. Test everything and make sure samba is fully working on your domain
4. Test everything again
5. Test!
6. Seize the roles on your samba machine, samba-tool fsmo seize --force
--role=all -Uadministrator
I don't think you need the -U, but just in case
7. Reboot that machine and make sure everything looks good
8. make sure samba-tool fsmo show, shows all 7 roles of the samba machine
9. From a workstation, run the Metadata clean.vbs script. This will remove
the replication to the now off 2008 DC
10. Reboot the samba box
11. run samba-tool drs showrepl and it shouldn't show any partners
12. Once that is done you should just have samba. You can then add more
DC's with

samba-tool domain join domain.local DC -UAdministrator

and any other options you need.

On Tue, Jul 12, 2016 at 8:24 AM, Anderson Hoffmann do Carmo <

Post by Jason Waters
Do you want to keep this 2008 machine in the mix? Or are you looking to
move everything to samba?

Post by Jason Waters
Didn't his second email show the output of fsmo show? Which showed

all

Post by Jason Waters
7 roles. But you are correct, making sure things are actually there

before

Post by Jason Waters
he kills the old one is best!
It did show that he had all 7 but that is a good point. I
would shutdown the 2008 server and make sure users can login,
etc....
I haven't seen the OP saying that the Samba DC is showing all
the 7 FSMO roles and I would like to know. I need to know what, if
anything, is different on an AD DC, DNS wise.
Rowland

Rats, I sometimes hate Thunderbird, it was hidden by a 'show quoted
text', yes it does look like his Samba DC has all the FSMO roles,

provided

his Samba DC is called 'GTESTE2'
Rowland

OK, I did a bit of googling and it seems that this is not just a Samba

https://social.technet.microsoft.com/Forums/scriptcenter/en-US/b1af276f-1a12-4a78-8ea3-f49ab04844ea/the-directory-service-is-missing-mandatory-configuration-information-and-is-unable-to-determine-the?forum=winserverDS

Read right to the bottom, I think the answer is there.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Anderson Hoffmann do Carmo

2016-07-12 12:55:07 UTC

Permalink

Post by Jason Waters
This is what I would do.
1. Make sure everything is off of the 2008 machine so you don't need to
turn it back on
2. Shut down the 2008 machine
2.5 Update your DNS on the samba machine to be the samba machine, not the
2008 DC
3. Test everything and make sure samba is fully working on your domain
4. Test everything again
5. Test!
6. Seize the roles on your samba machine, samba-tool fsmo seize --force
--role=all -Uadministrator
I don't think you need the -U, but just in case

Yes you do, it is required if you are transferring or seizing the DNS FSMO
roles.
7. Reboot that machine and make sure everything looks good

Post by Jason Waters
8. make sure samba-tool fsmo show, shows all 7 roles of the samba machine
9. From a workstation, run the Metadata clean.vbs script. This will remove
the replication to the now off 2008 DC

This is what 'samba-tool domain demote
--remove-other-dead-server=REMOVE_OTHER_DEAD_SERVER' does on Samba 4.4.0 up
Rowland
10. Reboot the samba box

Post by Jason Waters
11. run samba-tool drs showrepl and it shouldn't show any partners
12. Once that is done you should just have samba. You can then add more
DC's with
samba-tool domain join domain.local DC -UAdministrator
and any other options you need.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Anderson Hoffmann do Carmo

2016-07-12 19:15:04 UTC

Permalink

Yes you do, it is required if you are transferring or seizing the DNS
FSMO roles.
7. Reboot that machine and make sure everything looks good

This is what 'samba-tool domain demote
--remove-other-dead-server=REMOVE_OTHER_DEAD_SERVER' does on Samba 4.4.0 up
Rowland
10. Reboot the samba box

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Jason Waters

2016-07-12 19:21:33 UTC

Permalink

Glad to hear it! Enjoy samba!

On Tue, Jul 12, 2016 at 3:15 PM, Anderson Hoffmann do Carmo <

Yes you do, it is required if you are transferring or seizing the DNS
FSMO roles.
7. Reboot that machine and make sure everything looks good

This is what 'samba-tool domain demote
--remove-other-dead-server=REMOVE_OTHER_DEAD_SERVER' does on Samba 4.4.0 up
Rowland
10. Reboot the samba box

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Anderson Hoffmann do Carmo

2016-07-12 11:44:40 UTC

Permalink

Post by Anderson Hoffmann do Carmo
I am transfer using 'samba-tool fsmo transfer --role=all
Unless you added '-UAdministrator --password=PASSWORD' to the above
command (or another user will the required permissions), you wouldn't have
transferred the DNS roles.
I am try demote Windows using DCPROMO.EXE on Windows Server
Have you tried (once you are sure all 7 FSMO roles have been transferred)
turning off the windows server and then running 'samba-tool domain demote
--remove-other-dead-server=REMOVE_OTHER_DEAD_SERVER -UAdministrator
--password=PASSWORD'.
Before doing any of the above, I would check if everything is ok in the AD
on your Samba 4 AD DC.
You also didn't say if 'samba-tool fsmo show' shows all your 7 FSMO roles
without errors.
Rowland
The output of command, no errors. (CN=GTESTE2 = Samba DC)
SchemaMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
Thanks,
Anderson Hoffmann

Post by Anderson Hoffmann do Carmo
Hi.
I am using a Windows Server 2008R2 as primary DC and a Ubuntu Server 16.04
as secundary DC with

Samba 4.3.9 (from repository/apt-get)
I am transfered FSMO rules to Samba and I am try to demote Windows, but
fail!

How did you transfer the FSMO roles ?
What 'tool' did you use ?

Have you tried running 'samba-tool fsmo show' in a terminal on the Samba
DC ?
If so, does it show all 7 FSMO role owners or does it end with an error
message ?
Rowland
Any ideia?

Post by Anderson Hoffmann do Carmo
The Samba DC it's OK and operational
Anderson Hoffmann

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Jason Waters

2016-07-12 12:10:59 UTC

Permalink

That only comes with version 4.4.

On Tue, Jul 12, 2016 at 7:44 AM, Anderson Hoffmann do Carmo <

Post by Anderson Hoffmann do Carmo
I am transfer using 'samba-tool fsmo transfer --role=all
Unless you added '-UAdministrator --password=PASSWORD' to the above
command (or another user will the required permissions), you wouldn't have
transferred the DNS roles.
I am try demote Windows using DCPROMO.EXE on Windows Server
Have you tried (once you are sure all 7 FSMO roles have been transferred)
turning off the windows server and then running 'samba-tool domain demote
--remove-other-dead-server=REMOVE_OTHER_DEAD_SERVER -UAdministrator
--password=PASSWORD'.
Before doing any of the above, I would check if everything is ok in the
AD on your Samba 4 AD DC.
You also didn't say if 'samba-tool fsmo show' shows all your 7 FSMO roles
without errors.
Rowland
The output of command, no errors. (CN=GTESTE2 = Samba DC)
SchemaMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
Thanks,
Anderson Hoffmann

Post by Anderson Hoffmann do Carmo
Hi.
I am using a Windows Server 2008R2 as primary DC and a Ubuntu Server 16.04
as secundary DC with

Samba 4.3.9 (from repository/apt-get)
I am transfered FSMO rules to Samba and I am try to demote Windows, but
fail!

How did you transfer the FSMO roles ?
What 'tool' did you use ?

Have you tried running 'samba-tool fsmo show' in a terminal on the Samba
DC ?
If so, does it show all 7 FSMO role owners or does it end with an error
message ?
Rowland
Any ideia?

Post by Anderson Hoffmann do Carmo
The Samba DC it's OK and operational
Anderson Hoffmann

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba