[Samba] possible to use ldbedit in a safe way
lingpanda101 at gmail.com
Mon Oct 16 16:40:18 UTC 2017
On 10/16/2017 11:13 AM, Rowland Penny via samba wrote:
> On Mon, 16 Oct 2017 16:53:17 +0200
> mj via samba <samba at lists.samba.org> wrote:
>> dbcheck tells us we have two "dangling forward links" that I am
>> trying to get rid of. On my test domain, I have simply done
>> ldbedit -e nano -H ./CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=COM
>> to remove them.
>> While that seems to have worked nicely, dbcheck report zero errors
>> now, it is something that I should never have done, or do in
>> production, according to Andrew:
>> "We realise this is a difficult problem for you and other users, but
>> NEVER, EVER do that."
>> So, question: is there a SAFE way to easily get rid of those two
>> "dangling forward links"?
>> (they are Replica-Locations for a DC that has been removed years ago)
> If you need to edit the NCs in sam.ldb.d, use '--cross-ncs' with the
> ldb command, this allows you safely change things. There have been
> reports of AD being destroyed by directly editing the ldb's in sam.ldb.d
You should be able to safely remove those dangling forward links with
#samba-tool domain tombstones expunge
More information about the samba