Mac OS X Server

Demote an Open Directory Master using the Server app

macOS Server 5.2 running on Sierra can have problems with Open Directory, and sometimes the only fix is to reset the directory service. You can demote the server and, if needed, restore it from an Open Directory archive afterwards. Be warned: demotion destroys the LDAP database, the password server data, the Kerberos realm's service principals and the Open Directory Certificate Authority, so take an archive first if you intend to restore, and expect clients to break while the server is demoted and the backup is being restored. If you haven't built out the directory server yet, you may simply demote it and start over. In this article, we'll look at demoting the server.

To get started demoting the Open Directory master, open the Server app and click Open Directory in the sidebar.


From the Open Directory screen, click the minus (-) button in the Servers section. When prompted to delete the directory service, click Delete.


Once the process completes you are back at the initial Open Directory screen, from which you can set up a new directory server. The process takes a while, so be patient.


Note: This process can fail on Open Directory replicas. Before demoting a replica, make sure you can ssh from the replica to the master and that the replica can reach all of the master's required slurpd services.
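The same demotion from the command line, with the archive step the Server app leaves to you, as an added example that is not part of the original post. It assumes the archive path and master hostname are supplied by the caller, that `slapconfig -backupdb` writes a sparse image at the given path, and that `SLAPCONFIG` can be pointed at a stand-in so the sequence can be dry-run; none of those are stated on the page.

```shell
#!/bin/sh
# Command-line equivalent of the Server app demotion above, with an
# Open Directory archive taken first. Added example, not from the original
# post. Assumptions (not on the page): archive path and master hostname are
# caller-supplied; SLAPCONFIG may be overridden to dry-run the sequence.
set -eu

SLAPCONFIG="${SLAPCONFIG:-/usr/sbin/slapconfig}"

# master_reachable MASTER
# Replica preflight from the note above: the replica must be able to ssh
# to the master non-interactively. Returns non-zero if it cannot.
master_reachable() {
  ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true
}

# archive_then_demote ARCHIVE_PATH
# 1. Write an Open Directory archive (LDAP database, password server data,
#    Kerberos principals and the OD Certificate Authority) to ARCHIVE_PATH.
#    slapconfig -backupdb prompts for a password to protect the archive and
#    (assumption) writes ARCHIVE_PATH.sparseimage.
# 2. Only if the archive succeeded, run the command the Server app's Delete
#    button runs, which is the first line of the demotion log:
#    slapconfig -destroyldapserver.
# Returns 2 if an archive already exists at ARCHIVE_PATH and 1 if the
# archive failed; in both cases the master is left intact.
archive_then_demote() {
  archive="$1"
  if [ -e "$archive" ] || [ -e "$archive.sparseimage" ]; then
    echo "refusing to overwrite existing archive: $archive" >&2
    return 2
  fi
  if ! "$SLAPCONFIG" -backupdb "$archive"; then
    echo "archive failed; master left intact" >&2
    return 1
  fi
  "$SLAPCONFIG" -destroyldapserver
}

# Usage on the server: sudo ./demote-od.sh /Volumes/Backup/od-before-demote
if [ "$#" -gt 0 ]; then
  archive_then_demote "$1"
fi
```

The ordering is the whole point: the destroy step never runs unless the archive command returned success, so a failed or mistyped backup path leaves the master untouched rather than leaving you with nothing to restore.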

The demotion is logged to /Library/Logs/slapconfig.log; a successful run looks like the following (your hostname, realm and CA name will differ):

2016-09-08 04:41:24 +0000 slapconfig -destroyldapserver
2016-09-08 04:41:24 +0000 Deleting Cert Authority related data
2016-09-08 04:41:24 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/Krypted Open Directory Certificate Authority.
2016-09-08 04:41:24 +0000 command: /usr/sbin/xscertadmin add --reason 5 --issuer Krypted Open Directory Certificate Authority --serial 2842025604
2016-09-08 04:41:44 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2016-09-08 04:41:44 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2016-09-08 04:41:44 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2016-09-08 04:41:44 +0000 Stopping LDAP server (slapd)
2016-09-08 04:41:46 +0000 Stopping password server
2016-09-08 04:41:51 +0000 Removed all service principals from keytab for realm OSXSERVER.KRYPTED.COM
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/apple-hwuuid.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/alock.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
2016-09-08 04:41:51 +0000 Removed directory at path /var/db/openldap/authdata.
2016-09-08 04:41:51 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
2016-09-08 04:41:51 +0000 Removed file at path /etc/openldap/slapd.conf.
2016-09-08 04:41:51 +0000 Removed file at path /etc/openldap/rootDSE.ldif.
2016-09-08 04:41:51 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
2016-09-08 04:41:51 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
2016-09-08 04:41:51 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2016-09-08 04:41:51 +0000 Removed directory at path /etc/openldap/slapd.d.
2016-09-08 04:41:51 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2016-09-08 04:41:51 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2016-09-08 04:41:51 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
2016-09-08 04:41:55 +0000 Stopping password server
2016-09-08 04:41:55 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
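Two checks to run after the demotion, added here as an example rather than taken from the original post: one reads slapconfig.log and confirms the last `-destroyldapserver` run reached its final cleanup line without logging errors, the other confirms the files the log says were removed are actually gone. It assumes the final `Removed file at path /Library/Preferences/com.apple.openldap.plist` line marks completion, as in the log above, and takes a root prefix so the file check can be exercised against a copy of the tree; the sample log lines are constructed from the log above.

```shell
#!/bin/sh
# Post-demotion checks. Added example, not from the original post.
# Assumptions: the com.apple.openldap.plist removal is the last line of a
# completed run (as in the log above); ROOT is a path prefix, "/" on the
# server itself.
set -eu

# Constructed sample modeled on the log above, shortened.
SAMPLE_LOG='2016-09-08 04:41:24 +0000 slapconfig -destroyldapserver
2016-09-08 04:41:24 +0000 Deleting Cert Authority related data
2016-09-08 04:41:44 +0000 Stopping LDAP server (slapd)
2016-09-08 04:41:46 +0000 Stopping password server
2016-09-08 04:41:51 +0000 Removed all service principals from keytab for realm OSXSERVER.KRYPTED.COM
2016-09-08 04:41:51 +0000 Removed directory at path /etc/openldap/slapd.d.
2016-09-08 04:41:55 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.'

# demotion_log_status LOGFILE
# Exit 0 if the last -destroyldapserver run reached its final cleanup line
# with no error/fail messages, 1 if it stopped early or logged errors,
# 2 if the log records no demotion at all.
demotion_log_status() {
  awk '
    /slapconfig -destroyldapserver/ { started = 1; done = 0; bad = 0; next }
    started && /[Ee]rror|[Ff]ail/ { bad = 1 }
    started && /Removed file at path \/Library\/Preferences\/com\.apple\.openldap\.plist/ { done = 1 }
    END {
      if (!started) { print "no demotion recorded"; exit 2 }
      if (bad)      { print "demotion logged errors"; exit 1 }
      if (!done)    { print "demotion incomplete"; exit 1 }
      print "demotion completed"
    }' "$1"
}

# od_residue_check ROOT
# Print any Open Directory master artifact from the log above that is still
# present under ROOT and return 1 if any remain, 0 if the tree is clean.
od_residue_check() {
  root="${1%/}"
  found=0
  for p in /etc/openldap/slapd.d \
           /etc/openldap/slapd_macosxserver.conf \
           /var/db/openldap/authdata \
           /var/db/openldap/openldap-data/id2entry.bdb \
           /Library/Preferences/com.apple.openldap.plist; do
    if [ -e "$root$p" ]; then
      echo "still present: $p"
      found=1
    fi
  done
  return "$found"
}

# Usage on the server:
#   demotion_log_status /Library/Logs/slapconfig.log && od_residue_check /
```

A log that ends before the openldap.plist removal, or that contains an error line after the `-destroyldapserver` entry, is treated as a failed demotion; a leftover `slapd.d` or `authdata` directory is the usual sign that the Server app's Delete button reported success while slapconfig actually stopped part way.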