Make sure your domain controller you want to demote has no FSMO roles.  There are 7 FSMO roles and to check them use this:

# samba-tool fsmo show

If it does have any FSMO roles, using the DC you want to leave working as a DC, transfer to them to active domain controller:

# samba-tool fsmo transfer --role=*
FSMO transfer of '*' role successful

* The roles are ‘rid’, ‘pdc’, ‘infrastructure’, ‘schema’, ‘naming’, ‘domaindns’, ‘forestdns’, ‘all’.

If you use ‘all’ or domaindns or forstdns, transferring won’t work.   You have to seize them.

# samba-tool fsmo seize --role=domaindns

If there none, you should be able to do this on the demoting server:

# samba-tool domain demote -Uadministrator

You might want to check, using the RSAT tool, your DNS and Active Directory Users and Groups, and Active Directory Site and Services to make sure the second Samba AD/DC is not listed.  Mine still shows in some places though.

If the server is dead, do this:

# samba-tool domain demote --remove-other-dead-server=dc2

Turn off the not dead it is still on, and check to make sure it’s gone in DNS after you do this.  You might want to check also with Active Directory Users and Groups and Active Directory Sites and Services since my second Samba AD/DC was still listed in some places.

Removing nTDSConnection: CN=88b0b124-1a8c-47b4-9f8f-68f724b898c0,CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bales,DC=lan
Removing nTDSDSA: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bales,DC=lan (and any children)
Removing RID Set: CN=RID Set,CN=DC2,OU=Domain Controllers,DC=bales,DC=lan
Removing computer account: CN=DC2,OU=Domain Controllers,DC=bales,DC=lan (and any child objects)
updating ForestDnsZones.bales.lan keeping 1 values, removing 1 values
updating DomainDnsZones.bales.lan keeping 1 values, removing 1 values
updating bales.lan keeping 3 values, removing 1 values
updating DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kerberos._tcp.Default-First-Site-Name._sites,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.Default-First-Site-Name._sites,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_gc._tcp.Default-First-Site-Name._sites,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.DomainDnsZones,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.ForestDnsZones,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kerberos._tcp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kerberos._udp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kpasswd._tcp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kpasswd._udp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_gc._tcp,DC=bales.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.f2ce8d92-e3e7-43d2-a271-72798aa1dbdf.domains,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_kerberos._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.Default-First-Site-Name._sites.gc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=f44f8fb3-6ca5-4d12-8656-61d5e254323f,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 0 values, removing 1 values
updating DC=_kerberos._tcp.dc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.pdc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.dc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
updating DC=_ldap._tcp.gc,DC=_msdcs.bales.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=bales,DC=lan keeping 1 values, removing 1 values
Removing Sysvol reference: CN=DC2,CN=Enterprise,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=bales,DC=lan
Removing Sysvol reference: CN=DC2,CN=bales.lan,CN=Microsoft System Volumes,CN=System,CN=Configuration,DC=bales,DC=lan
Removing Sysvol reference: CN=DC2,CN=Domain System Volumes (SYSVOL share),CN=File Replication Service,CN=System,DC=bales,DC=lan
Removing Sysvol reference: CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=bales,DC=lan

References:

https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s