[Samba] Problems in applying GPO and DNS domain name resolution issues

Anantha Raghava raghav at exzatechconsulting.com
Wed May 24 03:39:26 UTC 2017


We are using Samba AD 4.6.3 and built it from source on CentOS 7. The 
DNS back end is BIND 9.9.4

Initially all replications were working fine and all group policies were 
getting applied.

All of a sudden, we are finding that GPO applying process is erratic. 
Sometime it applies and sometimes not. We have edited the Default Policy 
using Windows RAST tool.

Thinking that ACLs on "Sysvol" are incorrect, we reset the SYSVOL using 
"samba-tool ntacl sysvolrest" command. The problems are persisting. Many 
client workstations, do not get the policies.

Another observation:

The DNS,when queried for domain name throws up the domain controller 
address randomly. That is we have 3 Domain controllers and two of them 
are turned off for confirming whether there is any network issues. DNS 
randomly throws up the domain controller details that are turned off and 
the client workstation reports, cannot find the domain controller.

Now our questions are:

a. Why the policy deployment is erratic? and

b. Is there a manner in which we can set the Domain Controller 
priorities in DNS?

Await some guidance.


Thanks & Regards,

Anantha Raghava

This e-mail communication and any attachments may be privileged and 
confidential to eXza Technology Consulting & Services, and are intended 
only for the use of the recipients named above If you are not the 
addressee you may not copy, forward, disclose or use any part of it. If 
you have received this message in error, please delete it and all copies 
from your system and notify the sender immediately by return e-mail. 
Internet communications cannot be guaranteed to be timely, secure, error 
or virus-free. The sender does not accept liability for any errors or 

Do not print this e-mail unless required. Save Paper & trees.

More information about the samba mailing list