Uninstallation of backup domain controller

sdb.univention.de/1235
docs.software-univention.de/win … -uninstall
As per two articles I ran this command:

/usr/share/univention-samba4/scripts/purge_s4_computer.py --computername=backupdomaincontroller

Answered “YES” to both questions.

I think it went well; it removed the DNS records, the msdcs name, and the entry from the SAM database.

samba-tool drs showrepl

shows only the existing backup controllers; it does not show the one I removed.

However the command

ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs

# distinguishedName: CN=dns-backupdomaincontroller,CN=Users,DC=domain,DC=com

still has records of the old backup, though not as a controller but under CN=Users.

Why, is it bad and how do I remove it?

It is simply a user for DNS updates. So, it is not bad.

You should be able to remove the user via:

ldbdel -H /var/lib/samba/private/sam.ldb CN=dns-backupdomaincontroller,CN=Users,DC=domain,DC=com

Is there a script to remove residue?
I have the following issues on my univention domain even though “standby” is gone since at least 4 years now:

Es wurden Fehler in den Nameserver Einträgen der folgenden Zonen gefunden. Siehe Univention Support Database - Bind: Zonentransfer fehlgeschlagen für weitere Informationen.

In der Forward-Zone mydomain.tld (siehe Module "udm - dns/dns" (als Administrator)):
Kein Host-Record (A/AAAA record) für Namenserver standby.mydomain.tld gefunden.

In der Forward-Zone socialnetworks.ch (siehe Module "udm - dns/dns" (als Administrator)):
Kein Host-Record (A/AAAA record) für Namenserver standby.mydomain.tld gefunden.

In der Reverse-Zone 10.252.254 (siehe Module "udm - dns/dns" (als Administrator)):
Kein Host-Record (A/AAAA record) für Namenserver standby.mydomain.tld gefunden.

and

Die folgenden KDCs waren nicht erreichbar: tcp standby.mydomain.tld:88, udp standby.mydomain.tld:88

you have to remove the old server from the samba ad - easy to do with RSAT Tools

rg

Christian

as I see that was done years ago… but maybe differently.
should I smh recreate one with the same name to then do this again?

Check this

No

the server is still in samba ad - as you see your errors
run samba-tool drs showrepl
you will see the removed server there
with RSAT Tools you can delete the entry of the removed server
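
A read-only check for what is still left of a removed DC, added here as an example and not part of any post in this thread. It filters LDIF such as the output of the `ldbsearch` command quoted above; the function names `find_dc_residue` and `sample_ldif`, the category labels and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: list directory entries that still mention a removed DC.
# Input: LDIF on stdin. Output: one "category<TAB>dn" line per matching entry.
find_dc_residue() {
    awk -v host="$1" '
    function classify(d) {
        d = tolower(d)
        if (d ~ /,cn=servers,cn=[^,]+,cn=sites,/) return "site-server-object"
        if (d ~ /,cn=microsoftdns,/)              return "dns-record"
        if (d ~ /,ou=domain controllers,/)        return "computer-account"
        return "other"
    }
    function flush() {
        if (dn != "" && hit) printf "%s\t%s\n", classify(dn), dn
        dn = ""; hit = 0
    }
    function process(line) {
        if (line == "")     { flush(); return }   # blank line ends an entry
        if (line ~ /^#/)    return                # ldbsearch comment lines
        if (line ~ /^dn: /) dn = substr(line, 5)
        # Plain substring match: may over-report (e.g. "standby2"); base64
        # ("attr:: ") values are not decoded, so binary attributes are missed.
        if (index(tolower(line), h)) hit = 1
    }
    BEGIN { h = tolower(host) }
    /^ / { cur = cur substr($0, 2); next }        # LDIF folded continuation
    { process(cur); cur = $0 }
    END  { process(cur); flush() }
    '
}

# Constructed sample input (not real data); record 2 has a folded DN line.
sample_ldif() {
    cat <<'EOF'
# record 1
dn: CN=dns-standby,CN=Users,DC=mydomain,DC=tld
sAMAccountName: dns-standby

# record 2
dn: CN=NTDS Settings,CN=STANDBY,CN=Servers,CN=Default-First-Site-Name,CN=Site
 s,CN=Configuration,DC=mydomain,DC=tld
objectClass: nTDSDSA

# record 3
dn: CN=Administrator,CN=Users,DC=mydomain,DC=tld
sAMAccountName: Administrator
EOF
}
# Usage: ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs | find_dc_residue standby
```

Entries reported as `site-server-object` are the ones that keep a removed server visible to replication; review each DN before deleting anything.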