[Samba] [samba] AD, 4.5.0, DRS or deletion question

[mathias dufresne]

Hi all,

I have a strange behaviour on our AD.

DC=ForestDnsZones,DC=ad,DC=domain,DC=tld
        Authentification\DC208 via RPC
                DSA object GUID: 20f711ed-cb02-4543-badb-28d3ed4c4ae1
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=ad,DC=domain,DC=tld
        NTDS DN: CN=NTDS
Settings\0ADEL:9a4b7c54-ae49-484b-baaa-524621ddb52e,CN=DC208\0ADEL:107ed4a0-9197-469c-a3e0-d981d9e266b6,CN=Servers,CN=Authentification,CN=Sites,CN=Configuration,DC=ad,DC=infra,DC=dgfip
                DSA object GUID: 9a4b7c54-ae49-484b-baaa-524621ddb52e
                Last attempt @ Tue Dec 13 17:38:52 2016 CET failed, result
2 (WERR_BADFILE)
                367327 consecutive failure(s).
                Last success @ Fri Nov 18 10:58:08 2016 CET

This is an extract of "samba-tool drs showrepl" on one server. One block
lists update against a real DC (DC208) and the other one shows update
against deleted DC, the same DC208 but its old object.

This deleted object appears on every DIT except "schema" and
"configuration" (both haven't changed for a while).

Most important question: How can this be possible?

A lower important question: How to get rid of that? Except modifying
tombstoneLifetime.

Cheers : )