[Samba] deleted objects

Fri Jun 9 20:10:57 UTC 2023

Thank you, I can confirm this cleaned things up:

root at dc1 ~# samba-tool domain tombstones expunge --tombstone-lifetime=0
Removed 31 objects and 0 links successfully

The dbcheck is now clean:

root at dc1 ~# samba-tool dbcheck --cross-ncs
Checking 3517 objects
Checked 3517 objects (0 errors)

On Friday, 9 June 2023 at 07:11:22 BST, Rowland Penny via samba <samba at lists.samba.org> wrote: 

On 08/06/2023 23:18, Alexandros Karypidis via samba wrote:
> Hello,
> 
> Just over a week ago, I updated samba 4.17.8-Debian from an old 4.9.x version. Initially I had two domain controllers DC1 and DC2. I did the upgrade as follows:
> 
> 1) Create a new DC3 with the new samba version and make it FSMO
> 2) Demote/delete DC1 and DC2
> 3) Recreate DC1 and DC2
> 4) Demote/delete the temporary DC3 from step (1)
> 
> Everything seems to work fine except I noticed today these messages:
> 
> root at dc1 ~# samba-tool dbcheck
> 
> Checking 291 objects
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:fad2af7d-0a1b-4434-bbe1-9932faf63f65,CN=Deleted Objects,DC=ad,DC=home,DC=lan - CN=DC2,CN=Computers,DC=ad,DC=home,DC=lan
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:379a5d40-b1a6-4c9b-9d10-93038f6a3ece,CN=Deleted Objects,DC=ad,DC=home,DC=lan - CN=DC3,OU=Domain Controllers,DC=ad,DC=home,DC=lan
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:a2c4a376-1fc8-49c8-85d6-a46949613b66,CN=Deleted Objects,DC=ad,DC=home,DC=lan - CN=DC1,CN=Computers,DC=ad,DC=home,DC=lan
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:b702ac13-935a-4def-9ef6-3dbdca55e820,CN=Deleted Objects,DC=ad,DC=home,DC=lan - CN=DC3,OU=Domain Controllers,DC=ad,DC=home,DC=lan
> Not fixing old string component
> Checked 291 objects (0 errors)
> 
> I get the same in the other domain controller:
> 
> root at dc2 ~# samba-tool dbcheck
> 
> Checking 291 objects
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:fad2af7d-0a1b-4434-bbe1-9932faf63f65,CN=Deleted Objects,DC=ad,DC=home,DC=lan - CN=DC2,CN=Computers,DC=ad,DC=home,DC=lan
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:379a5d40-b1a6-4c9b-9d10-93038f6a3ece,CN=Deleted Objects,DC=ad,DC=home,DC=lan - CN=DC3,OU=Domain Controllers,DC=ad,DC=home,DC=lan
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:a2c4a376-1fc8-49c8-85d6-a46949613b66,CN=Deleted Objects,DC=ad,DC=home,DC=lan - CN=DC1,CN=Computers,DC=ad,DC=home,DC=lan
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:b702ac13-935a-4def-9ef6-3dbdca55e820,CN=Deleted Objects,DC=ad,DC=home,DC=lan - CN=DC3,OU=Domain Controllers,DC=ad,DC=home,DC=lan
> Not fixing old string component
> Checked 291 objects (0 errors)
> 
> These seem to be leftovers from my prior work and the "CN=Deleted Objects" seems to me like it's some sort of "Recycle Bin" node.

Close, those are described as tombstoned objects.
> 
> 1) Is it ok to run "samba-tool dbcheck --fix --yes" in this state? Will this remove these and clean up the database?

It is probably okay to run that command, but it also probably wont fix 
your problem ;-)

Try reading 'samba-tool domain tombstones expunge --help'

> 
> 2) Should I run the fix only in the FSMO controller and wait for replication to fix the other controller, or do I need to run dbcheck --fix on both?
> 
You should only need to run the command on one DC, replication will fix 
the rest.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba