Zentyal 4.0 加入 DC 後轉移五大角色+轉移DNS 兩大角色

就與強制轉移一樣(PDC 掛了要強制轉移) 只是不會問你會不會要強制轉移 .....應該說是 .........和平轉移 ....哈哈

root@zentyal-ad:~# samba-tool fsmo show
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
ldb_wrap open of secrets.ldb
InfrastructureMasterRole owner: CN=NTDS Settings,CN=WIN-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
RidAllocationMasterRole owner: CN=NTDS Settings,CN=WIN-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=WIN-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
DomainNamingMasterRole owner: CN=NTDS Settings,CN=WIN-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
SchemaMasterRole owner: CN=NTDS Settings,CN=WIN-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test

root@zentyal-ad:/usr/share/zentyal-samba# ./ad-migrate
WARNING: This script will transfer all FSMO roles from the current owners to
the local server.
After all roles has been successfully transferred, you can shutdown
the other domain controllers.
Do you want to continue [Y/n]? Y

Checking server mode...

Checking if server is provisioned...

Synchronizing sysvol share...

Transferring FSMO roles...
Transferring Schema Master role from owner: CN=NTDS Settings,CN=WIN-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
Transferring Domain Naming Master role from owner: CN=NTDS Settings,CN=WIN-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
Transferring PDC Emulation Master role from owner: CN=NTDS Settings,CN=WIN-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
Transferring RID Allocation Master role from owner: CN=NTDS Settings,CN=WIN-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
Transferring Infrastructure Master role from owner: CN=NTDS Settings,CN=WIN-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
Migrated successfully!
root@zentyal-ad:/usr/share/zentyal-samba#
root@zentyal-ad:/usr/share/zentyal-samba# samba-tool fsmo show
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
ldb_wrap open of secrets.ldb
InfrastructureMasterRole owner: CN=NTDS Settings,CN=ZENTYAL-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
RidAllocationMasterRole owner: CN=NTDS Settings,CN=ZENTYAL-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=ZENTYAL-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
DomainNamingMasterRole owner: CN=NTDS Settings,CN=ZENTYAL-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
SchemaMasterRole owner: CN=NTDS Settings,CN=ZENTYAL-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tw2,DC=test
root@zentyal-ad:/usr/share/zentyal-samba#

root@linux-ad2:~# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b "CN=Infrastructure,DC=DomainDnsZones,DC=tw2,DC=test" -s base fSMORoleOwner

params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=tw2,DC=test
fSMORoleOwner: CN=NTDS Settings,CN=LINUX-AD2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=tw2,DC=test

# returned 1 records
# 1 entries
# 0 referrals

root@linux-ad2:~# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b "CN=Infrastructure,DC=ForestDnsZones,DC=tw2,DC=test" -s base fSMORoleOwner

params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
# record 1
dn: CN=Infrastructure,DC=ForestDnsZones,DC=tw2,DC=test
fSMORoleOwner: CN=NTDS Settings,CN=LINUX-AD2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=tw2,DC=test

# returned 1 records
# 1 entries
# 0 referrals

確定7 個角色 ........domain demote

root@linux-ad2:~# samba-tool domain demote
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERROR: Current DC is still the owner of 7 role(s), use the role command to transfer roles to another DC
root@linux-ad2:~#

echochio

echochio 發表在痞客邦留言(0) 人氣(189)

echochio

echochio的部落格跳到主文歡迎光臨echochio在痞客邦的小天地，我是一個(C/P)收集工程師^ ^ 所以想要跟(C/P)同好收集內容因此有需要(C/P)下面程式語法的同好請來和我交流, 分享相片