[Samba] LDB integrity problem

[Daniel Fenert]

Hi,

I've done upgrade from Ubuntu 13.04 (samba 4.0 alpha) -> 13.10 -> 14.04
(samba 4.1.6).

Now it looks I've lost some accounts. samba-tool dbcheck reports
problems but cannot fix them with --fix param:

ERROR: incorrect GUID component for member in object
CN=MobileEX,CN=Users,DC=yyy-local,DC=localdomain -
<GUID=95ec7854-e241-4eaa-9d26-1b836a5cd4b3>;<SID=S-1-5-21-1237243695-3358403904-2149330157-1233>;CN=XXX,CN=Users,DC=yyy-local,DC=localdomain
unable to find object for DN CN=XXX,CN=Users,DC=yyy-local,DC=localdomain
- (No such Base DN: CN=XXX,CN=Users,DC=yyy-local,DC=localdomain)
Not removing dangling forward link
Please use --fix to fix these errors
Checked 355 objects (24 errors)

I don't see these accounts while connecting through LDAP protocol,
ldbsearch also is not finding it while asking for specific DN:

# ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs -b
'CN=XXX,CN=Users,DC=yyy-local,DC=localdomain'
search error - No such Base DN: CN=XXX,CN=Users,DC=yyy-local,DC=localdomain

But when searching whole CN=Users lost accounts are shown:

# ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs -b
'CN=Users,DC=yyy-local,DC=localdomain'
....
# record 93
dn: CN=XXX,CN=Users,DC=yyy-local,DC=localdomain
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
.....

Another interesting thing - I've tried adding few of lost users, and now
ldbsearch shows 2 entries with same DN!
# ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs -b
'CN=Users,DC=yyy-local,DC=localdomain'  |grep ZZZ
dn: CN=ZZZ,CN=Users,DC=yyy-local,DC=localdomain
sn: Rybicki
dn: CN=ZZZ,CN=Users,DC=yyy-local,DC=localdomain
sn: Rybicki

Any ideas how I can revive these users?
It's really important for me to get them back with unchanged GUID...