[Samba] Unable to join DC to domain
Rowland penny
rpenny at samba.org
Sun Mar 27 09:02:49 UTC 2016
On 27/03/16 07:25, IT Admin wrote:
> I ran ldbsearch on my sam.ldb
> I searched for CBADC02, CBADC03, and TESTES (all VMs that fail to join
> domain), results are below:
>
>
> CBADC02 shows up a few times:
>
> # record 1906
> dn:
> CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu$
> objectClass: top
> objectClass: server
> instanceType: 4
> whenCreated: 20160310044543.0Z
> uSNCreated: 4215
> objectGUID: de85228c-f92b-4d5d-9d6a-01c3f915dec9
> systemFlags: 1375731712
> dNSHostName: cbadc02.cb.cliffbells.com
> cn:: Q0JBREMwMgpERUw6ZGU4NTIyOGMtZjkyYi00ZDVkLTlkNmEtMDFjM2Y5MTVkZWM5
> isDeleted: TRUE
> name:: Q0JBREMwMgpERUw6ZGU4NTIyOGMtZjkyYi00ZDVkLTlkNmEtMDFjM2Y5MTVkZWM5
> lastKnownParent:
> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati
> on,DC=cb,DC=cliffbells,DC=com
> isRecycled: TRUE
> whenChanged: 20160319092438.0Z
> uSNChanged: 4261
> distinguishedName:
> CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Se
> rvers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbell
> s,DC=com
>
>
> # record 2372
> dn: CN=NTDS
> Settings\0ADEL:a5d3b626-e936-4a65-97bc-cade176d1b10,CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec$
> objectClass: top
> objectClass: applicationSettings
> objectClass: nTDSDSA
> instanceType: 4
> whenCreated: 20160310044546.0Z
> uSNCreated: 4214
> objectGUID: a5d3b626-e936-4a65-97bc-cade176d1b10
> systemFlags: 33554432
> cn::
> TlREUyBTZXR0aW5ncwpERUw6YTVkM2I2MjYtZTkzNi00YTY1LTk3YmMtY2FkZTE3NmQxYjEw
> isDeleted: TRUE
> name::
> TlREUyBTZXR0aW5ncwpERUw6YTVkM2I2MjYtZTkzNi00YTY1LTk3YmMtY2FkZTE3NmQxYjE
> w
> isRecycled: TRUE
> whenChanged: 20160319092438.0Z
> uSNChanged: 4259
> distinguishedName: CN=NTDS
> Settings\0ADEL:a5d3b626-e936-4a65-97bc-cade176d1b10
> ,CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-
> First-Site-Name,CN=Sites,CN=Configuration,DC=cb,DC=cliffbells,DC=com
>
>
>
> # record 3275
> dn: CN=CBADC02\0ADEL:b34ccfd9-0f88-4f7b-8c00-3296ed92507d,CN=Deleted
> Objects,DC=cb,DC=cliffbells,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> objectClass: computer
> instanceType: 4
> whenCreated: 20160321212014.0Z
> uSNCreated: 4287
> objectGUID: b34ccfd9-0f88-4f7b-8c00-3296ed92507d
> userAccountControl: 4128
> objectSid: S-1-5-21-2555112579-3841919511-698463993-1602
> sAMAccountName: CBADC02$
> isDeleted: TRUE
> lastKnownParent: OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
> isRecycled: TRUE
> cn:: Q0JBREMwMgpERUw6YjM0Y2NmZDktMGY4OC00ZjdiLThjMDAtMzI5NmVkOTI1MDdk
> name:: Q0JBREMwMgpERUw6YjM0Y2NmZDktMGY4OC00ZjdiLThjMDAtMzI5NmVkOTI1MDdk
> whenChanged: 20160327050242.0Z
> uSNChanged: 4293
> distinguishedName:
> CN=CBADC02\0ADEL:b34ccfd9-0f88-4f7b-8c00-3296ed92507d,CN=De
> leted Objects,DC=cb,DC=cliffbells,DC=com
>
>
>
>
>
> # record 3481
> dn: CN=CBADC02\0ADEL:ec36364c-6f01-4c82-be95-8def84528d9a,CN=Deleted
> Objects,DC=cb,DC=cliffbells,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> objectClass: computer
> instanceType: 4
> whenCreated: 20160310044542.0Z
> uSNCreated: 4212
> objectGUID: ec36364c-6f01-4c82-be95-8def84528d9a
> userAccountControl: 532480
> objectSid: S-1-5-21-2555112579-3841919511-698463993-1122
> sAMAccountName: CBADC02$
> dNSHostName: cbadc02.cb.cliffbells.com
> cn:: Q0JBREMwMgpERUw6ZWMzNjM2NGMtNmYwMS00YzgyLWJlOTUtOGRlZjg0NTI4ZDlh
> whenChanged: 20160318045619.0Z
> isDeleted: TRUE
> uSNChanged: 4253
> name:: Q0JBREMwMgpERUw6ZWMzNjM2NGMtNmYwMS00YzgyLWJlOTUtOGRlZjg0NTI4ZDlh
> lastKnownParent: OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
> isRecycled: TRUE
> distinguishedName:
> CN=CBADC02\0ADEL:ec36364c-6f01-4c82-be95-8def84528d9a,CN=De
> leted Objects,DC=cb,DC=cliffbells,DC=com
>
>
>
>
>
>
>
>
> CBADC03 is there once:
>
>
>
> # record 3431
> dn:
> CN=CBADC03\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5,CN=Deleted
> Obje$
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> objectClass: computer
> instanceType: 4
> whenCreated: 20160321211933.0Z
> uSNCreated: 4286
> objectGUID: 0d3362c2-c153-415e-b077-0772a61b96b5
> userAccountControl: 4128
> objectSid: S-1-5-21-2555112579-3841919511-698463993-1601
> sAMAccountName: CBADC03$
> isDeleted: TRUE
> lastKnownParent: CN=LostAndFound,DC=cb,DC=cliffbells,DC=com
> isRecycled: TRUE
> cn::
> Q0JBREMwMwpERUw6MGQzMzYyYzItYzE1My00MTVlLWIwNzctMDc3MmE2MWI5NmI1CkRFTDowZ
> DMzNjJjMi1jMTUzLTQxNWUtYjA3Ny0wNzcyYTYxYjk2YjU=
> name::
> Q0JBREMwMwpERUw6MGQzMzYyYzItYzE1My00MTVlLWIwNzctMDc3MmE2MWI5NmI1CkRFTDo
> wZDMzNjJjMi1jMTUzLTQxNWUtYjA3Ny0wNzcyYTYxYjk2YjU=
> whenChanged: 20160327050527.0Z
> uSNChanged: 4294
> distinguishedName:
> CN=CBADC03\0ADEL:0d3362c2-c153-415e-b077-0772a61b96b5\0ADEL
> :0d3362c2-c153-415e-b077-0772a61b96b5,CN=Deleted
> Objects,DC=cb,DC=cliffbells,
> DC=com
>
>
>
> TESTES is nowhere to be found and still fails due to ObjectSID. I don't
> understand how that is even possible. I also manually inspected ADUC,
> ADSS, ADSIEdit and DNS in RSAT for both of my live DCs (FILER & CBADC01)
> and removed all references to CBADC02 & CBADC03. Replication between FILER
> and CBADC01 is successful. RSync replication of sysvol from FILER to
> CBADC01 is running via cron.
>
> I am spun. I've been banging my head against Samba since 12/17/2015.
> Please advise, I need to get these VMs joined to the domain so I can sieze
> FSMO roles off of FILER so I don't have to keep restoring this ^&*(@^#()*&^
> database every 36 hours.
>
>
> JS
>
OK, so you cannot join another DC and you have to keep restoring every
36 hours, doesn't this tell you something ?
It looks like the database you keep restoring is badly corrupted, you
should also be aware that you shouldn't restore a DC if another DC in
the domain is running.
Are 'FILER' and 'CBADC01' joined ?
If so, is 'FILER' the only database that is giving problems ?
If so, then I think your best option is to seize all the fsmo roles to
'CBADC01', turn off 'FILER' and then try to join a new DC to 'CBADC01'
Rowland
More information about the samba
mailing list