Author Topic: Switching server roles between Domain Controller and Additional Domain Controller

faustotex

I have two identical Zentyal 3.0.23 servers, dc02 configured as a DC and dc01 as an Additional DC.

Replication between them works fine and most everything is working OK.  I wanted to switch their server roles, making dc01 assume the DC role and dc02 the Additional DC.  To this end, I transferred the 5 FSMO roles from dc02 to dc01 and then manually edited the fSMORoleOwner of DC=DomainDnsZones, CN=Infrastructure and of DC=ForestDnsZones, CN=Infrastructure, changing "DC02" to "DC01" at both places.  It appears that dc01 is now indeed behaving as the DC and dc02 as the Additional DC, as I intended.  However, in the Zentyal WebGUI, "File Sharing" has not changed and continues to show dc02 as the DC and dc01 as the Additional DC.  Why?
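A way to confirm that every fSMORoleOwner value ended up on the intended DC after a move like the one described above, as an added example that is not part of the original post. It parses LDIF text of the kind an LDAP search for fSMORoleOwner returns; the domain `example.com`, the site name and the sample records are constructed and show the state after the five role transfers but before the two DNS-zone edits.

```python
import re

# Constructed sample (placeholder domain example.com): seven objects that carry
# fSMORoleOwner. The two DNS application partitions still point at DC02.
SAMPLE_LDIF = """\
dn: CN=Schema,CN=Configuration,DC=example,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,
 CN=Sites,CN=Configuration,DC=example,DC=com
dn: CN=Partitions,CN=Configuration,DC=example,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
dn: DC=example,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
dn: CN=RID Manager$,CN=System,DC=example,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
dn: CN=Infrastructure,DC=example,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
dn: CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
dn: CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
"""


def unfold(ldif):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\n ", "", ldif)


def role_owners(ldif):
    """Map each object's DN to the server named in its fSMORoleOwner value."""
    owners, dn = {}, None
    for line in unfold(ldif).splitlines():
        if line.startswith("dn: "):
            dn = line[4:].strip()
        elif dn and line.lower().startswith("fsmoroleowner: "):
            value = line.split(": ", 1)[1]
            # The owner is the server object directly above "NTDS Settings".
            m = re.match(r"CN=NTDS Settings,CN=([^,]+),", value, re.I)
            owners[dn] = m.group(1).upper() if m else None
    return owners


def stale_owners(owners, expected):
    """Return the DNs whose role owner is not the expected DC."""
    return sorted(dn for dn, srv in owners.items() if srv != expected.upper())


if __name__ == "__main__":
    for dn in stale_owners(role_owners(SAMPLE_LDIF), "dc01"):
        print("still owned elsewhere:", dn)
```
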

faustotex

11 days on and in the absence of any comments from Zentyal I might add that notwithstanding my DC still identifying itself as an "Additional domain controller" it certainly is working as the "Domain controller".  The same can be said about my additional domain controller, even though it identifies itself as the "Domain controller".

However, it would be nice to know how to clean up this case of switched identities seeing it was generated through simulation of a real-life situation.

christian

Just to improve my (poor) understanding:
From a functional standpoint, what does it mean to act as BDC rather than PDC (because I assume that this is what you mean with "domain controller" vs. "additional domain controller")?

faustotex

From what I have read, the Samba4 Team discourages the use of the PDC/BDC terminology and concepts.  I understand that all DCs are identical in nature and can do the same things.  In general terms, the first DC installed in a particular domain is "provisioned" with a brand new LDAP database, DNS and the rest of it and, for this reason, is referred to as "The Domain Controller".  All other DCs joined thereafter are referred to as "Additional Domain Controllers", although they can be in essence exact replicas of the original DC.

After one or more DCs co-exist in a domain, it seems to me that there are no differences between "The Domain Controller" and all "Additional Domain Controllers", except that "The Domain Controller" will retain all FSMO roles (these, by definition, can only be held by one DC at a time) until one or more roles are explicitly transferred to one or more other "Additional Domain Controllers".

So, it is not difficult to see that all DCs are made alike and the distinction between "Domain Controller" and "Additional Domain Controller" may become blurred after the initial "provisioning" and "joining" process, through normal life cycle management operations.

I have found that Zentyal adheres to the apparent Samba4 naming convention, permanently calling "Domain Controller" the first DC which "provisioned" the domain infrastructure, regardless of whether any or all FSMO roles are subsequently attributed to an "Additional Domain Controller".

Accordingly, I suggest that the term "Domain Controller" should perhaps be used indiscriminately for all DCs, regardless of whether they were the first, second or Nth to participate in their domain.  Likewise, additional domain controller should not have any special meaning except to identify "Domain Controllers" which join an existing domain.

From the Zentyal "File Sharing" GUI point of view, perhaps the screen should  be split into two areas:

1. one area for all DCs, in essence what is now the configuration of a "Domain controller";

2. a bit lower down, an area for additional parameters to allow joining of "Additional domain controllers" e.g. "Existing Domain controller FQDN:", "Domain DNS server IP:", "Administrator account:", "Administrator password:".

christian

Crystal clear. I fully share. Well, I shared until I read the last section.
Not that I disagree but I felt somewhat disappointed because when I read the beginning of your sentence, I thought you were going to write:
Quote
From the Zentyal "File Sharing" GUI point of view, perhaps the screen should  be split into two areas:

1. one area for all DCs, in essence what is now the configuration of a "Domain controller";
2. one area for Windows file sharing

Obviously this is  not your point  ;D ;D
Perhaps I'm the only one confused (only slightly however) with Zentyal menu organization that is exposing Windows file sharing and "DC" within the same section.
I do understand this is because it all relies on Samba but I also feel that Samba makes this confused too.

This is because it mimics what Microsoft does, I know, but this is frustrating  :-[
Like if DNS and mail were merged under same umbrella because without DNS and MX there is no mail  ::)