problem with GPO Policy after rename
dmulder at samba.org
Tue Jan 31 14:49:37 UTC 2023
On 1/30/23 11:46 PM, itdept_head via samba-technical wrote:
> Samba 4.14.4
> Migrated a domain. with a Rename.
> The domain is up and resolving correctly and logs in etc. (seems to function totally correctly)
> As stated in documents the GPO point to the old domain.
> Old: ns01.Jim.com
> New: org.bob.com
> However this hangs the windows 10 gpmc.msc tool.
> Forest: org.bob.com
> Domains: org.bob.com
> as soon as you select the “org.bob.com” to maintain the tree of users/gpo ,etc you get into an endless loop since “ns01.jim.com” cannot be found (also you might not want it referencing the old domain)
> “Domain: ns01.Jim.com”
> “The specified domain either does not exist or could not be contacted.”
> This then puts the MS tools into a tight loop with no cancel options.
> Where is this reference to “Domain: ns01.Jim.com”. kept in the LDAP.
> Totally deleting the GPO from SYSVOL AND going into CN=Policies.CN=System. To delete any used GPO links , and restarting the samba does not remove the references.
IIRC, these are kept in 'CN=Policies,CN=System' in ldap. I think the
objectClass is 'groupPolicyContainer'. I'm just skimming through code to
see these. You should be able to do a subtree search for
'(objectClass=groupPolicyContainer)' to find all your GPOs.
Labs Software Engineer, Samba
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
dmulder at suse.com
More information about the samba-technical