I'm working my way off of our Windows 2003 R2 Domain Server. That machine
is called PDC, sorry really bad planning so many years ago! So my end goal
is to have two samba4 domain controllers. They are setup and joined as
DC's, dc01 and dc02. I have most of my files off of PDC but would like to
keep it up for a little longer to make sure I have everything off of there.


So I tried transferring all the roles. The first 5 worked great, the last
two, ForestDns/DomainDns fail with this error.

***@DC01:~# samba-tool fsmo transfer --role=domaindns -UAdministrator
Password for [FISHERTHOMPSON\Administrator]:
ERROR: Failed to delete role 'domaindns': LDAP error 16
LDAP_NO_SUCH_ATTRIBUTE - <00002085: AtrErr: DSID-03151B93, #1:
0: 00002085: DSID-03151B93, problem 1001 (NO_ATTRIBUTE_OR_VAL),
data 0, Att 90171 (fSMORoleOwner):len 286
***@DC01:~# samba-tool fsmo transfer --role=forestdns -UAdministrator
Password for [FISHERTHOMPSON\Administrator]:
ERROR: Failed to delete role 'forestdns': LDAP error 16
LDAP_NO_SUCH_ATTRIBUTE - <00002085: AtrErr: DSID-03151B93, #1:
0: 00002085: DSID-03151B93, problem 1001 (NO_ATTRIBUTE_OR_VAL),
data 0, Att 90171 (fSMORoleOwner):len 286
Ideally I would get the transfer to just work, but if I can't do that then
I have a question about the path forward. Since I would like to keep the
PDC up, do I run dcpromo on PDC(Win2003) and get it out of the domain and
then do the samba-tool fsmo seize, or the other way around? Or doesn't it
matter? My concern is the big scary messages about NEVER EVER start the
machine again that you seized the fsmo from for fear of your entire AD
blowing up and zombie apocalypse starting. But I thought once you run the
dcpromo and demote the DC active directory is gone and then it won't break
AD on the good domain.

So if you could

1. Help me resolve my issue so I can do the transfer, that would be
awesome.

2. If that doesn't work, tell me the correct order of seize and dcpromo.

Thanks for the help!

Jason
irc: jch2os


Some information about the samba dc's

Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-88-generic x86_64)

***@DC01:~# samba-tool domain level show
Domain and forest function level for domain 'DC=fisherthompson,DC=local'

Forest function level: (Windows) 2003
Domain function level: (Windows) 2003
Lowest function level of a DC: (Windows) 2003


***@DC01:~# dpkg -l |grep samba
ii python-samba 2:4.3.9+dfsg-0ubuntu0.14.04.3
amd64 Python bindings for Samba
ii samba 2:4.3.9+dfsg-0ubuntu0.14.04.3
amd64 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.3.9+dfsg-0ubuntu0.14.04.3
all common files used by both the Samba server and client
ii samba-common-bin 2:4.3.9+dfsg-0ubuntu0.14.04.3
amd64 Samba common files used by both the server and the client
ii samba-dsdb-modules 2:4.3.9+dfsg-0ubuntu0.14.04.3
amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.3.9+dfsg-0ubuntu0.14.04.3
amd64 Samba core libraries
ii samba-vfs-modules 2:4.3.9+dfsg-0ubuntu0.14.04.3
amd64 Samba Virtual FileSystem plugins
***@DC01:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local