DNS scavenging, big DCDOMAINZONES ldb etc.

Лыков Михаил combr at samges.ru
Thu Jul 30 10:20:19 UTC 2015


29.07.2015 20:20, Denis Cardon wrote:

> ldbsearch --cross-ncs --show-deleted -H /usr/local/samba/private/sam.ldb
> -b "CN=Deleted Objects,DC=DomainDnsZones,DC=tranquilit,DC=local" objectGUID
>
> Then you select the entries with same objectGUID on the two servers. If
> you have an entry which is not on both servers, it means that the
> deletion process has not yet been replicated across all your DCs, and
> you should delete that entry.

You mean "should not" delete not-replicated entries?
I must delete only replicated (same on both servers), as far as I can 
understand.

But can I delete it online? If I delete it online on one server, will it 
be replicated from the other in a day or two, or not? Or must I delete it on 
one, and when it has finished, start deleting on the other immediately?

>  From those deleted entries that have been properly replicated, you take
> the DN and delete it with ldbdel on both servers.
> ldbdel -H /usr/local/samba/private/sam.ldb --cross-ncs --show-deleted <DN>
>
> I don't think it is possible to directly pass an ldap filter to ldbdel.
> But you can script something quickly with bash or python.

Ok, thanks.


-- 
Mike Lykov, system administrator
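
One way to script the comparison described in the quoted steps, as an added example that is not part of the original message: it parses `ldbsearch` output saved from two DCs, matches tombstones by objectGUID, and builds `ldbdel` command lines only for those present on both, following the quoted step that takes DNs from deleted entries that have been properly replicated. The sample output, GUIDs, host names and function names are constructed for illustration; the database path and flags are the ones in the message.

```python
import base64
import shlex

def parse_ldif(text):
    """Map objectGUID -> DN for each tombstone in ldbsearch LDIF output."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # LDIF folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    found, dn, guid = {}, None, None
    for line in lines + [""]:                  # trailing "" flushes last record
        if line.startswith("#"):               # "# record N" comments
            continue
        if not line.strip():
            # Keep tombstones only ("\0ADEL:" in the DN); skips the container itself.
            if dn and guid and "\\0ADEL:" in dn.upper():
                found[guid.lower()] = dn
            dn = guid = None
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip().replace("\n", "\\0A")   # RFC 4514 hex escape
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "objectguid":
            guid = value
    return found

def compare(ldif_dc1, ldif_dc2):
    """Return (replicated, pending): GUID -> DN seen on both DCs / on one only."""
    a, b = parse_ldif(ldif_dc1), parse_ldif(ldif_dc2)
    replicated = {g: a[g] for g in sorted(a.keys() & b.keys())}
    pending = {g: a.get(g, b.get(g)) for g in sorted(a.keys() ^ b.keys())}
    return replicated, pending

def ldbdel_commands(dns, db="/usr/local/samba/private/sam.ldb"):
    return [f"ldbdel -H {shlex.quote(db)} --cross-ncs --show-deleted {shlex.quote(d)}" for d in dns]

# Constructed sample ldbsearch output from two DCs (GUIDs and names are made up).
BASE = "CN=Deleted Objects,DC=DomainDnsZones,DC=tranquilit,DC=local"
G1, G2 = "11111111-2222-3333-4444-555555555555", "AAAAAAAA-bbbb-cccc-dddd-eeeeeeeeeeee"
TOP = f"# record 1\ndn: {BASE}\nobjectGUID: 00000000-0000-0000-0000-00000000000a\n\n"
DN1 = f"DC=pc01\\0ADEL:{G1},{BASE}"
B64 = base64.b64encode(f"DC=pc02\nDEL:{G2},{BASE}".encode()).decode()
DC1 = TOP + f"dn: {DN1}\nobjectGUID: {G1}\n\ndn:: {B64}\nobjectGUID: {G2}\n"
DC2 = TOP + f"dn: DC=pc01\\0ADEL:{G1},\n {BASE}\nobjectGUID: {G1}\n\n# returned 2 records\n"
```

The commands are only returned as strings for review; entries found on one DC only are reported in `pending` and left alone.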


