upgradeprovision --full fails to find CN=NTDS Settings
Michael Wood
esiotrot at gmail.com
Thu Jan 5 04:04:47 MST 2012
Hi
On 5 January 2012 09:26, Matthieu Patou <mat at samba.org> wrote:
> On 03/01/2012 14:40, Michael Wood wrote:
>>
>> There are now only a couple of issues left as far as I can see. If I
>> run "upgradeprovision --full" again, it says "There are 2 missing
>> objects". I assume that should not be the case?
>>
>> Creating a reference provision
>> No IPv6 address will be assigned
>> Copy privilege
>> Update base samdb by searching difference with reference one
>> Starting update of samdb
>> There are 2 missing objects
>
> What --debugall says about this objects ?
The full debug output is quite long, so I've attached it to the bug report.
Here are the objects it's complaining about:
There are 2 missing objects
Object CN=e83daa04-ca41-468f-9c69-4d08cae983e3,CN=Partitions,CN=Configuration,DC=example,DC=com
will be added
Object CN=ecce2cac-d76f-408a-8bf8-067d32debecd,CN=Partitions,CN=Configuration,DC=example,DC=com
will be added
Not applying delta to @ATTRIBUTES because there is not only add
Later it says:
Some defaultSecurityDescriptors and/orsecurityDescriptor have changed,
recalculating SD
72 DNs have been marked as needed to be recalculated, recalculating 72
due to inheritance
Checking recalculated SDs
On object CN=e83daa04-ca41-468f-9c69-4d08cae983e3,CN=Partitions,CN=Configuration,DC=example,DC=com
ACL is different
Owner mismatch: EA (in ref) SY(in current)
Group mismatch: DU (in ref) SY(in current)
On object CN=ecce2cac-d76f-408a-8bf8-067d32debecd,CN=Partitions,CN=Configuration,DC=example,DC=com
ACL is different
Owner mismatch: EA (in ref) SY(in current)
Group mismatch: DU (in ref) SY(in current)
On object DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com
ACL is different
Owner mismatch: LA (in ref) DA(in current)
Part dacl is different between reference and current here is the detail:
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;LA) ACE is not present in the current
(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;S-1-5-21-1669749161-1492036150-3562756080-1102)
ACE is not present in the current
(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED) ACE is not present in the current
[...]
I see no other mention of those objects in the debug output.
>> Also, samba-tool dbcheck complains about the following two things it can't
>> fix:
>>
>> ERROR: missing GUID component for wellKnownObjects in object
>> DC=DomainDnsZones,DC=example,DC=com -
>> B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted
>> Objects,DC=DomainDnsZones,DC=example,DC=com
>> unable to find object for DN CN=Deleted
>> Objects,DC=DomainDnsZones,DC=example,DC=com - (No such Base DN:
>> CN=Deleted Objects,DC=DomainDnsZones,DC=example,DC=com)
>> Not removing dangling forward link
>> ERROR: missing GUID component for wellKnownObjects in object
>> DC=ForestDnsZones,DC=example,DC=com -
>> B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted
>> Objects,DC=ForestDnsZones,DC=example,DC=com
>> unable to find object for DN CN=Deleted
>> Objects,DC=ForestDnsZones,DC=example,DC=com - (No such Base DN:
>> CN=Deleted Objects,DC=ForestDnsZones,DC=example,DC=com)
>> Not removing dangling forward link
>>
>> Should upgradeprovision have created those Base DNs? Are these
>> perhaps the two "missing objects" that upgradeprovision mentions when
>> it runs?
>
> It's because the code for upgradeprovision is not complete yet to correctly
> cope with missing partitions
OK thanks.
--
Michael Wood <esiotrot at gmail.com>
More information about the samba-technical
mailing list