[Samba] unique index violation on objectSid
mathias dufresne
infractory at gmail.com
Tue Jun 28 14:44:10 UTC 2016
2016-06-28 14:22 GMT+02:00 valera <valera at zvn.p98.belkam.com>:
> 28.06.2016 15:50, mathias dufresne:
> > Here I'm thinking of two workarounds. The first one would be to list
> > deleted objects RIDs, to verify RID=2002 is really the last one used,
> > being sure there is no deleted object with RID=2003 and so on. Then once
> > you get the last RID used, you could change RidNextRid to match this
> > maximum value of used RID.
> It is safe to change RidNextRid? I correctly understand that RidNextRid
> should be changed on the DC, where rIDPreviousAllocationPool contains
> RID of last created object?
>
No idea if it is safe. I just meant that's I would try : )
About where to change it, not much more idea. I would change it on the DC
you tried to add user because this is the DC which refused to use the RID
pool it was given because RidNextRid contains a value too low compared to
already given RID.
I did searched on my FSMO owner for " CN=RID Set" and I receive one answer
per DC. Each with different rIDAllocationPool of course.
I believe I read something here about something not replicated (no time to
re-read the whole thread carefully enough, sorry), if you change rIDNextRID
by hand just check on others DC your change is replicated, to keep a DB
consistent. I expect it is replicated, that would be a simple way for FSMO
RID master to know it has to give more RIDs pools.
>
> > The second would be a lazy action: change tombstoneLifetime which is by
> > default 180 days to only 1 day. Doing that tomorrow all deleted objects
> > will be deleted and if you are lucky - I can't guaranty that will work -
> > you will able to reuse these RIDs.
> No, to only 1 day is it impossible:
> https://technet.microsoft.com/en-us/library/dd392260(v=ws.10).aspx If
> the value is less than 3 days, the tombstone lifetime is 3 days.
>
1 day is accepted by Samba DB. I did tried : )
I'm not sure if my objects were deleted just 24 hours after the change or
earlier or later. Anyway 1 or 3 days could be an acceptable delay to
auto-solve an unsolvable issue. At least for me it seems acceptable ;)
The point of that change is you are diving into unknown when playing with
RID pool data seems a bit of a dive.
>
> >
> > Hoping this helps...
> And I...
>
> Valery
>
More information about the samba
mailing list