Hello Thomas,
We have:
https://wiki.samba.org/index.php/Transfering_and_Seizing_FSMO_Roles#Windows_FSMO_Role_Management
It's just a suggestion to use the DC with this role. You can use any
other DC as well. It doesn't make sense to transfer the role for this.
How is this related to FSMO roles?
What is necessary to make the share appear?
Isn't this something users find in Windows documentation? This is not
something special caused by Samba.

I vote for not documenting things that are pure Windows and doesn't
require anything special because of Samba behavior.


Regards,
Marc

Hi,

Would you mind telling me which version of samba are you using to transfer the FSMO roles ?
Seems I cannot transfer using Samba 4.5.1.
Thanks.

Best,
Kelvin Yip

-----Original Message-----
From: samba [mailto:samba-***@lists.samba.org] On Behalf Of Thomas Maerz via samba
Sent: Wednesday, October 19, 2016 1:00 AM
To: samba <***@lists.samba.org>
Subject: [Samba] Transferring FSMO Roles to Server 2008 R2 DC

Hello,

As far as I know, there is no Wiki article for transferring FSMO Roles to Server 2008 R2 DC. This article’s focus is on joining a Server 2012 DC to a Samba4 domain, but it touches on the subject: https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD <https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD>

I would like to suggest a new wiki page be made for transferring FSMO Roles to Server 2008/2008 R2 DC specifically and have some notes to add to what is present in the 2012 joining page.

1. RE: The SysVol replication section: Robocopy based sysvol replication appears to only be for Samba4 —> Windows DC SysVol Replication, so I don’t think it is applicable if the FSMO is a Windows DC 2. RE: The SysVol Share section: The SysVol share doesn’t exist upon successful join of 2008/R2 DC, but the netlogon share also does not exist and this is not addressed in the article 3. RE: FSMO Roles section: This section references Transferring and seizing FSMO_Roles wiki article, which points to https://support.microsoft.com/en-us/kb/324801 to do this the MS way. This only addresses the first 5 roles shown in samba-tool fsmo show. In order to move DomainDnsZonesMasterRole and ForestDnsZonesMasterRole, the following steps are necessary:

To transfer the infrastructure master for application partitions:
Open ADSIEdit. Connect to the server you want to transfer the roles to (it is important, otherwise you'll get an error).

For domain DNS zones:
Connect to DC=DomainDnsZones,DC=yourdomain,DC=tld
Open the properties of the object CN=Infrastructure,DC=DomainDnsZones,DC=yourdomain,DC=tld
Change the attribute fSMORoleOwner toCN=NTDSSettings,CN=Name_of_DC,CN=Servers,CN=DRSite,CN=Sites,CN=Configuration,DC=Yourdomain,DC=TLD
For forest DNS zones
Connect to DC=ForestDnsZones,DC=yourdomain,DC=tld and do the same.
Same for any other application partitions if they exist.

Source: https://social.technet.microsoft.com/Forums/windowsserver/en-US/b77a7e5c-590e-4d23-a9cb-8c4c0f403baf/forestdnszones-and-domaindnszones-have-wrong-infrastructure-role-record?forum=winserverDS <https://social.technet.microsoft.com/Forums/windowsserver/en-US/b77a7e5c-590e-4d23-a9cb-8c4c0f403baf/forestdnszones-and-domaindnszones-have-wrong-infrastructure-role-record?forum=winserverDS>

i have tested this process and it works to get all FSMO roles transferred to Windows Server 2008R2 DC.

Thomas Maerz
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba