Solved. I have successfully migrated a windows 2008R2 domain to samba4 and then created a new samba domain as a replica.
A lot of steps I had to introduce.

1- Working on DNS
   add samba dc to forest and domain dns _ldap values
   change DNS SOA to samba4 and add samba4 as NS

2- Working on fsmo
   run script fixfsmo.vbs
   samba-tool transfer all roles
   run adsedit and change samba dc fsMORoleOwner to samba dc

working on Global Catalog
   remove windows domain as GC
   reboot

working on DC removal
   force windows dcpromo removal

working on DNS to remove old values
   delete old dns windows dc values, kerberos, NS ... etc

working on cleaning old DC values from AD
   run adsedit
   bind credentials to samba dc
   remove old DC
   remove old Default-First-Site-Name DC reference
   remove dns and AD roles left on windows DC

Join samba4 replica and that's it.

windows DC replicated to samba4 dc2 and new samba4 added as a replica dc4

root@dc4:~# /opt/samba/bin/samba-tool drs showrepl
Default-First-Site-Name\DC4
DSA Options: 0x00000001
DSA object GUID: c5581b86-4ce8-44bc-a55e-3b89db29f553
DSA invocationId: b76275bb-267b-4b79-a4ae-7deba1a13709

==== INBOUND NEIGHBORS ====

CN=Configuration,DC=lisboa,DC=local
        Default-First-Site-Name\DC2 via RPC
                DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
                Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Mon Feb 25 17:22:48 2013 CET

DC=DomainDnsZones,DC=lisboa,DC=local
        Default-First-Site-Name\DC2 via RPC
                DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
                Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Mon Feb 25 17:22:48 2013 CET

CN=Schema,CN=Configuration,DC=lisboa,DC=local
        Default-First-Site-Name\DC2 via RPC
                DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
                Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Mon Feb 25 17:22:48 2013 CET

DC=lisboa,DC=local
        Default-First-Site-Name\DC2 via RPC
                DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
                Last attempt @ Mon Feb 25 17:22:49 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Mon Feb 25 17:22:49 2013 CET

DC=ForestDnsZones,DC=lisboa,DC=local
        Default-First-Site-Name\DC2 via RPC
                DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
                Last attempt @ Mon Feb 25 17:22:48 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Mon Feb 25 17:22:48 2013 CET

==== OUTBOUND NEIGHBORS ====

CN=Configuration,DC=lisboa,DC=local
        Default-First-Site-Name\DC2 via RPC
                DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=lisboa,DC=local
        Default-First-Site-Name\DC2 via RPC
                DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=lisboa,DC=local
        Default-First-Site-Name\DC2 via RPC
                DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=lisboa,DC=local
        Default-First-Site-Name\DC2 via RPC
                DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=lisboa,DC=local
        Default-First-Site-Name\DC2 via RPC
                DSA object GUID: 1f42942d-4d0f-4075-b681-f09f5ed8c95b
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: d7dde7b1-46eb-4d8f-869b-b84922b6588c
        Enabled        : TRUE
        Server DNS name : DC2.lisboa.local
        Server DN name  : CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lisboa,DC=local
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

On Mon, Feb 25, 2013 at 1:56 PM, Sérgio Henrique <ser...@gmail.com> wrote:

> Well i am guessing that the problem may be on the fsMORoleOwner..
> http://support.microsoft.com/kb/949257 ...
>
> On Mon, Feb 25, 2013 at 11:37 AM, Sérgio Henrique <ser...@gmail.com> wrote:
>
>> Hi Peter,
>>
>> I am using 2008R2 domain, i get always the following message:
>> http://tinypic.com/r/a1e8y/6
>>
>> Thank you in advance
>>
>> On Mon, Feb 25, 2013 at 11:14 AM, Peter Beck <pe...@datentraeger.li> wrote:
>>
>>> Sérgio Henrique <ser...@gmail.com> wrote on Mon, Feb 25, 2013 at
>>> 10:27:17AM +0000:
>>> > Hi Peter,
>>> >
>>> > I am unable to demote windows DC, i get always error when demoting windows
>>> > AD on ForestDNSzones and DomainDNSzones, i have tried a lot of things.
>>> >
>>> > Raise forest level, keep at 2003, add samba to nameservers, etc...
>>>
>>> Hi Sérgio,
>>>
>>> do you get this message: http://tinypic.com/view.php?pic=140itd4&s=6 ?
>>> This message is also shown in my test environment each time I run
>>> dcpromo to demote the Windows server. As far as I have seen it's no
>>> issue, if the replication is up to date.
>>>
>>> I had issues if the operation levels were lower than 2003 and Samba was
>>> already joined to the domain. Then the only change that was possible for
>>> me was to raise to Windows 2000 native, but not 2003 anymore.
>>>
>>> What I am doing after joining Samba to the domain:
>>>
>>> * check the operation levels (before joining)
>>> * check all the SRV records (usually added automatically)
>>> * create a reverse zone if not already there
>>> * add ns record for samba to all zones
>>> * drink some coffee to ensure everything gets replicated
>>> * check everything again, drink some more coffee
>>> * again ;-)
>>> * disable GC on the win server, running dcpromo
>>>
>>> but I am still testing the whole migration, no long term experience,
>>> most of the time I reset my virtual machine and try again to ensure it
>>> still works...
>>>
>>> > What i can see is that if i create a new samba4 as primary root domain and
>>> > then add windows AD i have no problems.
>>> >
>>> > But my objective is to migrate current windows domain to samba4 and not
>>> > the opposite.
>>>
>>> I am sure that is working very good, but the problem is, our customers
>>> usually already have a working Windows environment (I think a lot of us have
>>> exactly this problem) and we need to take over these domains....and do not want
>>> to create everything from scratch ;-)
>>>
>>> Regards
>>> Peter
>>
>> --
>> Regards,
>> Sérgio Machado
>
> --
> Regards,
> Sérgio Machado

--
Regards,
Sérgio Machado
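
A check for the `samba-tool drs showrepl` output quoted at the top of this thread, added here as an example and not part of the original messages: it parses the INBOUND/OUTBOUND NEIGHBORS sections and classifies each naming context per partner, which is the "replication is up to date" condition to confirm before demoting the old DC. The sample text, the `example.test` names and the function names are constructed; `NTTIME(0)` is reported as "NEVER" (zero timestamp) and left for the operator to interpret.

```python
import re

# Constructed sample in the layout `samba-tool drs showrepl` prints (names made up).
SAMPLE = """\
==== INBOUND NEIGHBORS ====
DC=example,DC=test
\tDefault-First-Site-Name\\DC2 via RPC
\t\tLast attempt @ Mon Feb 25 17:22:49 2013 CET was successful
\t\t0 consecutive failure(s).
\t\tLast success @ Mon Feb 25 17:22:49 2013 CET
DC=DomainDnsZones,DC=example,DC=test
\tDefault-First-Site-Name\\DC2 via RPC
\t\tLast attempt @ Mon Feb 25 17:30:00 2013 CET failed, result 58 (WERR_BAD_NET_RESP)
\t\t3 consecutive failure(s).
==== OUTBOUND NEIGHBORS ====
DC=example,DC=test
\tDefault-First-Site-Name\\DC2 via RPC
\t\tLast attempt @ NTTIME(0) was successful
\t\t0 consecutive failure(s).
\t\tLast success @ NTTIME(0)
"""

def parse_showrepl(text):
    """Return one dict per (direction, naming context, partner) neighbour entry."""
    entries, direction, nc, cur = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"==== (.+) ====", line):
            # Only the two NEIGHBORS sections carry per-NC sync state.
            direction = m.group(1).split()[0] if "NEIGHBORS" in line else None
            nc = cur = None
        elif direction and re.match(r"(CN|DC)=", line):
            nc, cur = line, None
        elif nc and line.endswith(" via RPC"):
            cur = {"direction": direction, "nc": nc, "partner": line[:-len(" via RPC")]}
            entries.append(cur)
        elif cur and (m := re.match(r"Last attempt @ (.+?) (was successful|failed.*)$", line)):
            cur["attempt"], cur["ok"] = m.group(1), m.group(2) == "was successful"
        elif cur and (m := re.match(r"(\d+) consecutive failure", line)):
            cur["failures"] = int(m.group(1))
        elif cur and line.startswith("Last success @ "):
            cur["success"] = line[len("Last success @ "):]
    return entries

def status(e):
    if not e.get("ok") or e.get("failures", 0) > 0:
        return "FAILING"  # last attempt failed, or failures are being counted
    return "NEVER" if e.get("success") == "NTTIME(0)" else "OK"  # zero timestamp

if __name__ == "__main__":
    for e in parse_showrepl(SAMPLE):
        print(f'{status(e):8} {e["direction"]:9} {e["nc"]} <- {e["partner"]}')
```

To use it on a live DC, pipe the real command output into `parse_showrepl` in place of `SAMPLE`.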