rob at ision.nl
Sat Dec 7 05:02:43 MST 2013
During my actions to transfer a domain controller role from a Windows 2003 server to Samba
(now version 4.0.12) and generally cleaning up the domain I made the mistake to manually delete a
record from a "deleted objects" zone. I now understand that I should have waited until it would
have gone away by itself.
Ever since, the following message is regularly logged:
../source4/dsdb/kcc/kcc_deleted.c:134: Failed to remove deleted object DC=example-ws13\0ADEL:cc0f8973-0d47-4c54-b2d9-db40346f4384,CN=Deleted Objects,DC=DomainDnsZones,DC=example,DC=com
I have examined the source code but I don't quite understand what is happening. It appears
that the code is listing everything present in that zone, finds the record that I once deleted,
tries to delete it and gets a failure message (because it is already deleted?)
As far as I understand it gets the list of records to delete from the same place where it also
does the deletions. But if that were true, why does it still find it? Is there a separate list of
records to be deleted somewhere else? How can I clean that?
Furthermore, after I demoted the Windows DC I no longer can find that whole DC=DomainDnsZones
zone in the AD using the different tools available on Windows to browse AD, LDAP etc.
I have since moved DNS from bind to internal DNS, the DNS works fine, but it does not appear
to use that zone in AD anymore. How come the kcc still knows about it?
More information about the samba