Make sure your domain controller you want to demote has no FSMO roles.  There are 7 FSMO roles and to check them use this:

samba-tool fsmo show

If it does have any FSMO roles, using the DC you want to leave working as a DC, transfer to them to active domain controller:

samba-tool fsmo transfer --role=*
FSMO transfer of '*' role successful

* The roles are ‘rid’, ‘pdc’, ‘infrastructure’, ‘schema’, ‘naming’, ‘domaindns’, ‘forestdns’, ‘all’.

If you use ‘all’ or domaindns or forstdns, transferring won’t work.   You have to seize them.

samba-tool fsmo seize --role=domaindns

If there none, you should be able to do this on the demoting server:

samba-tool domain demote -Uadministrator

You might want to check, using the RSAT tool, your DNS and Active Directory Users and Groups, and Active Directory Site and Services to make sure the second Samba AD/DC is not listed.  Mine still shows in some places though.

If the server is dead, do this:

samba-tool domain demote --remove-other-dead-server=dc2

Turn off the not dead it is still on, and check to make sure it’s gone in DNS after you do this.  You might want to check also with Active Directory Users and Groups and Active Directory Sites and Services since my second Samba AD/DC was still listed in some places.

Removing nTDSConnection: CN=88b0b124-1a8c-47b4-9f8f-68f724b898c0,CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bales,DC=lan
Removing nTDSDSA: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bales,DC=lan (and any children)
Removing RID Set: CN=RID Set,CN=DC2,OU=Domain Controllers,DC=bales,DC=lan
Removing computer account: CN=DC2,OU=Domain Controllers,DC=bales,DC=lan (and any child objects)
updating ForestDnsZones.bales.lan keeping 1 values, removing 1 values
updating DomainDnsZones.bales.lan keeping 1 values, removing 1 values
updating bales.lan keeping 3 values, removing 1 values
updating DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kerberos._tcp.Default-First-Site-Name._sites,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.Default-First-Site-Name._sites,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_gc._tcp.Default-First-Site-Name._sites,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.DomainDnsZones,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.ForestDnsZones,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kerberos._tcp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kerberos._udp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kpasswd._tcp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kpasswd._udp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_gc._tcp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.f2ce8d92-e3e7-43d2-a271-72798aa1dbdf.domains,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kerberos._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.Default-First-Site-Name._sites.gc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=f44f8fb3-6ca5-4d12-8656-61d5e254323f,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 0 values, removing 1 values
updating DC=_kerberos._tcp.dc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.pdc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.dc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.gc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
Removing Sysvol reference: CN=DC2,CN=Enterprise,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=bales,DC=lan
Removing Sysvol reference: CN=DC2,CN=bales.lan,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=bales,DC=lan
Removing Sysvol reference: CN=DC2,CN=Domain System Volumes (SYSVOL share),CN=File Replication Service,CN=System,DC=bales,DC=lan
Removing Sysvol reference: CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=bales,DC=lan

References:

https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC

Advertisements