Sticky AD

typecookie

Cadet
Joined
Dec 13, 2019
Messages
2
Running FreeNAS-11.3-RC1

I have a client with small network running on sbs 2011. we are moving exchange off site ans well as upgrading AD to server 2019 essentials. we first moved shares of to freenas it joined the old domain no problem. user auth and connect no problem. second built new server decided to build new domain rather than migrate and so set up trust (trust works I have confirmed cross auth). the problem arises when i try to move freenas to the new domain. (old MRTSSALVAGEYARD.local new MRTS.local) when i webinfo -t i get
checking the trust secret for domain MRTSSALVAGEYARD via RPC calles failed

any help would be appreciated I can provide more data if called for
thanks in advance
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,546
Running FreeNAS-11.3-RC1

I have a client with small network running on sbs 2011. we are moving exchange off site ans well as upgrading AD to server 2019 essentials. we first moved shares of to freenas it joined the old domain no problem. user auth and connect no problem. second built new server decided to build new domain rather than migrate and so set up trust (trust works I have confirmed cross auth). the problem arises when i try to move freenas to the new domain. (old MRTSSALVAGEYARD.local new MRTS.local) when i webinfo -t i get
checking the trust secret for domain MRTSSALVAGEYARD via RPC calles failed

any help would be appreciated I can provide more data if called for
thanks in advance
In the next RC we should be adding a "leave domain" button to the UI. You can do it from the command line via midclt call activedirectory.leave '{"username": "domain_admin_account", "password": "your password"}'. Then you should be clear to join the new one.

That will work if your server is in a clean state. Since you're potentially in between domains, it may be a bit more hands-on. Remove the kerberos realm, remove you AD_MACHINE_ACCOUNT keytab, change your WORKGROUP under Services->SMB to the short-form name of your new AD domain, set DNS correctly, remove the NTP entry for the DC in the first domain, and then try joining the second one.
 

typecookie

Cadet
Joined
Dec 13, 2019
Messages
2
Thanks For the help i had a failure with midclt call activedirectory.leave '{"username": "domain_admin_account", "password": "your password"}'
but a bit of looking I found net ads leave -U "username" to work Im up and running now
 
Top