Id;ddlZddlmZddlmZmZmZddlm Z ddl m Z m Z ddl mZddlmZmZmZmZmZmZddlmZddlmZmZmZdd lmZGd d eZy) N)dsdb remove_dcwerror)system_session)drsuapimisc)drsuapi_connect)#DS_NTDSDSA_OPT_DISABLE_INBOUND_REPL$DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPLUF_PARTIAL_SECRETS_ACCOUNTUF_SERVER_TRUST_ACCOUNTUF_TRUSTED_FOR_DELEGATIONUF_WORKSTATION_TRUST_ACCOUNT)Net)Command CommandErrorOption)SamDBc eZdZdZdZeddeeddded d ed d eeddddeddddgZejejejdZ ddZ y)cmd_domain_demotez4Demote ourselves from the role of Domain Controller.z%prog [options]z--serverz(writable DC to write demotion changes on)helptypez-Hz--URLz%LDB URL for database or target serverURLH)rrmetavardestz--remove-other-dead-serverzMDead DC (name or NTDS GUID) to remove ALL references to (rather than this DC)z-qz--quietzBe quiet store_true)ractionz-vz --verbosez Be verbose) sambaoptscredopts versionoptsNc |j} |j| } |j||} |M|td|zt | | } nt|t | | } t j | | |y| jd}t|t | | } |s| jdddg }t|d k(r td t|d k(r td d}|D]6}t|dj|jk7s1|d}n| j}| jt| jtj d|zdg}t|d k(sd|d vrtd|z|d j"}t%t|d d}| jdt|zdg}t|d k7rtdt|z|j&j)d|zt+|| | \}}}|j&j)dtj,}|d j"|_|t.zs0| j1s|t2z}tj4t|tj6d|d<| j9||j&j)d|z| j;| j| j=fD]}t?j@}t||_t?jB}||_"t>jF|_$tKjL||_' |jQ|d | td|zt | | }|j&j)d|jt|j[d|j]zdg}|d j"} t%t|d d}!t|d k7r|t.zsv| j1sf|j&j)d!|t2z}tj4t|tj6d|d<| j9|td"|j]z|!t`tbztdzz}!|!tfz}!tj,}| |_tj4d#|!ztj6d|d< |j9||d j"ji}"d$|"z}#d }$t|#}%|jk|jmtnjp}&|j|&|#tjr%}t|d k7rz|j|&d&|#|$fztjr%}t|d k7rE|$d'kr@|$d z}$|j|&d&|#|$fztjr%}t|d k7r|$d'kr@|$d'k(r|t.zsv| j1sf|j&j)d|t2z}tj4t|tj6d|d<| j9|tj,}| |_tj4d#|!ztj6d|d<|j9|td(t| |#|#|$d)z fzd&|#|$fz}% tjt||%d*t|&}'|jw| |'| jy}(|j=}) t?jz}t|(|_>t|)|_-d |_?|j|d |t j|| |"d1d2| jd3zd4d5fD]6}+ |jtjt||+d*t|'8t j|| | jd67|j&j)d8y#t j $r} td| zd} ~ wwxYw#tR$r}|jT\}}|tVjXk(rn|j&j)d|z|t2z}tj4t|tj6d|d<| j9|tdt|z|Yd}~zd}~wwxYw#t^$r}|t.zsv| j1sf|j&j)d|t2z}tj4t|tj6d|d<| j9|td |d}~wwxYw#t^$r}|t.zsv| j1sf|j&j)d!|t2z}tj4t|tj6d|d<| j9|td |d}~wwxYw#t^$r}|t.zsv| j1sf|j&j)d|t2z}tj4t|tj6d|d<| j9|tj,}| |_tj4d#|!ztj6d|d<|j9|td+t| d,t'|d}~wwxYw#tR$r1}*|*jT\}}|t.zsv| j1sf|j&j)d|t2z}tj4t|tj6d|d<| j9|tj,}|'|_tj4d#|!ztj6d|d<|j9||jw|'| |tVjXk(rtd-|(d.|*td/|(d0|*d}*~*wwxYw#tj$rYwxYw)9N)verbosequietz ldap://%s)url session_info credentialslpzDemote failed: %sz netbios namez.(&(objectClass=computer)(serverReferenceBL=*)) dnsHostNamename) expressionattrsrzUnable to search for serversz%You are the last server in the domainz(objectGUID=%s)options)basescoper+r,zFailed to find options on %sz(fSMORoleOwner=%s)zsearch_options:1:2)r+controlszaCurrent DC is still the owner of %d role(s), use the role command to transfer roles to another DCz,Using %s as partner server for the demotion z!Deactivating inbound replication z0Asking partner server %s to synchronize from us zgError while replicating out last local changes from '%s' for demotion, re-enabling inbound replication z6Error while sending a DsReplicaSync for partition '%s'z#Changing userControl and container z)(&(objectClass=user)(sAMAccountName=%s$))userAccountControl)r/r+r,z6Error while demoting, re-enabling inbound replication z$Error while changing account controlz5Error while demoting, re-enabling inbound replicationz@Unable to find object with samaccountName = %s$ in the remote dcz%dzCN=%s)r/r+r0z%s-%ddzOUnable to find a slot for renaming %s, all names from %s-1 to %s-%d seemed used ,zError while renaming z to zThe DC z= is not present on (already removed from) the remote server: z(Error while sending a removeDsServer of z: z$CN=Enterprise,CN=NTFRS SubscriptionszCN=%s, CN=NTFRS Subscriptionsrealmz?CN=Domain system Volumes (SYSVOL Share), CN=NTFRS SubscriptionszCN=NTFRS SubscriptionsT)ignore_no_namezDemote successful )F get_loadparmget_credentials get_loggerrrrDemoteExceptionrgetsearchlenstrlower get_ntds_GUIDget_config_basednldb SCOPE_SUBTREEdninterrfwriter Messager am_rodcr MessageElementFLAG_MOD_REPLACEmodifyget_schema_basednget_root_basednrDsReplicaObjectIdentifierDsReplicaSyncRequest1naming_contextDRSUAPI_DRS_WRIT_REPr.rGUIDsource_dsa_guid DsReplicaSync RuntimeErrorargsrWERR_DS_DRA_NO_REPLICA domain_dnupper Exceptionr rr r get_rdn_valueget_wellknown_dnget_default_basednrDS_GUID_COMPUTERS_CONTAINERSCOPE_ONELEVELDnrenameget_serverNameDsRemoveDSServerRequest1 server_dncommitDsRemoveDSServerremove_sysvol_referencesdeleteLdbErrorremove_dns_references host_dns_name),selfrr r!serverremove_other_dead_serverrr#r$r(credsloggersamdberr netbios_namerese ntds_guidmsgntds_dn dsa_options drsuapiBinddrsuapi_handlesupportedExtensionsnmsgpartncreq1e1werrstring remote_samdbdc_dnuacdc_namerdninewrdn computer_dnnewdn server_dsa_dndomaine3ss,  # /!+"6+9+;*/B8!.2BPUZ\] >##E63KL vvn- !.*:RTU,,*Zcprxby,zCCA "#ABBCA "#JKKF qy>'')\-?-?-AA}-F  '') llE$;$;$= >!$!2!2?PS\?\"+. s8q=ISV3= IJ Ja&))#c!fY/01 ll&:S\&I%9$:< s8q= , #3x () ) G =LVUWY^=_:n&9 <={{}a&))BBEMMO > >K!00[1A3CWCWYbcDO LL  IIOOO$% &002002..02 y668D 446&(#&;; '+yy';$ y--naF y2 J [6%9.<.>-2r;L IIOOB C%%3|/E/E/G+H1\&2&8&8&:2;-A,B&DCFIIEc#a&!5678C HM"FFPUP]P]P_ KMBB "%"4"4S5EsG[G[]f"gY T" 35A5G5G5I JK K (*++,- - ++kkm$'$6$6tcz7:7K7K7K%M ! J    $a&))))+ S"33  + + -  , ,. !!{s#J\J\!] HM%%;7cSTXCU,/,>,>&@Cc(a-AGE")){wRUWXQYGY030B0B*Dc(a-AG Cx#&JJTYTaTaTcIIOOQS#FFK&)&8&8[9I3K_K_aj&kDOLL&kkm,/,>,>tcz?B?S?S?S-U()##C("$O$'JS!a%#@$ABBQx'F ^FFQ>Q>S7; = -.y,, >"#6#<== >H$ y%'WWNT6v<<< @BFGH$'JJ *-*<*;O;O;O)QC$ %    $#e*cRWjY[\] ]! ^8 8WWNT6"FFPUP]P]P_ MOBB "%"4"4S5EsG[G[]f"gY T"++-CCF(+(:(:4#:;>;O;O;O)QC$ %    $   u -v444"$12$788#$12$788- 8H<<  s,c(c=>Bf8*i6k0Ao;3t9c:'c55c:= f5B$f00f58 iB i  i k-B k((k-0 o89C:o33o8; t6D,t11t69uu)NNNNNNFF)__name__ __module__ __qualname____doc__synopsisrr? takes_optionsr. SambaOptionsCredentialsOptionsVersionOptionstakes_optiongroupsrrrr,s> H z JQTUtW#JQT3 (+3CIL NtYZ Et[|LIM))..-- ,0%)-1!&N/rr)rC samba.getoptgetoptr.sambarrr samba.authr samba.dcerpcrrsamba.drs_utilsr samba.dsdbr r r r rr samba.netr samba.netcmdrrr samba.samdbrrrrrrsB2 ))%&+66c/c/r