[Samba] unique index violation on objectGUID, CN=Deleted Objects, DC=samdom, DC=domain

Ong Yu-Phing y_ong at usa.net
Sun Feb 3 18:54:35 MST 2013

Hi Andrew, I understand and appreciate that.  However, MS AD being MS 
AD, things do screw up and now I have the situation where I have a set 
of objects with the same objectGUID, albeit one set in the deleted 
objects container, which according to MS will not be removed until 180 
days (probably 170+ days now).

Is there no workaround to this, from the Samba side (or, for that fact, 
from MS, although my and my sysadmins' research shows not, so far)?  My 
experience with AD replication, especially with regional offices in 
areas with poor internet connectivity, is that problems do occur quite 
regularly, and it would be great if Samba is able to cope gracefully 
with these situations.


On 31/01/2013 20:12, Andrew Bartlett wrote:
> On Thu, 2013-01-31 at 10:20 +0800, Ong Yu-Phing wrote:
>> Some (unsuccessful) updates, I've tried with both latest git pull () and
>> samba 4.0.2, both still encounter the same problem.
>> According to MS documentation, seems like I can't really delete objects
>> from the CN=Deleted Objects container, I have to wait for the tombstone
>> garbage collection to get to work, which means I have to wait ~180 days
>> from when the objects were actually deleted.  Does anybody have any idea
>> about how to delete these sooner (NB: the sysadmins thought we could
>> just change tombstone TTL to 1 day, but MS explicitly states this is a
>> bad idea... )
> Samba treats having two objects with the same objectGUID as an
> impossibility, and has been coded with that as a fundamental
> assumption.
> Andrew Bartlett
