[Samba] DomainDnsZone Replication Shows 200,000 Objects

Achim Gottinger achim at ag-web.biz
Fri Jan 10 18:33:57 MST 2014

On 11.01.2014 02:05, lp101 wrote:
> Just an FYI. I reverted the tombstone back to 180 and replication 
> sprang back to life. This was on the DC that held all the FSMO roles. 
> While things are working again I'm still back to square one with all 
> the deleted domain entries.
Thank you for the status update. I have to add two more servers to one 
domain which will be connected via 1-2MBit SDSL lines; looking at the 
time it took your server to replicate the DNS database during join makes 
me curious how long it will take on my side.
You said your servers had different amounts of deleted records; is that 
still the case after you got replication working? If not, did they diminish?
My test setup was pretty simple: two servers connected via a 2GBit VM 
interface. So the changes I made to the tombstoneLifetime attribute 
should have been replicated almost instantly.
On a bigger setup it may be better to wait till the change has been 
replicated to all DCs. The purging of outdated deleted objects should 
also happen on a daily basis without a restart of the samba services. I 
think the Active Directory docs mentioned somewhere that AD objects do 
not get deleted if there are replication errors. I'd change the 
attribute more modestly, to for example 160 days, and wait till samba-tool 
drs showrepl shows a successful replication after the modification.
