[Samba] Undeletable objects in AD

[Rowland Penny]

On Mon, 23 Jul 2018 14:02:45 +0200
Henry Jensen via samba <samba at lists.samba.org> wrote:

> On Mon, 23 Jul 2018 11:27:38 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> 
> > How are you searching and what with ?
> 
> I used the ADUC tool and LDAPAdmin.
> 
> > 
> > Have you tried ldbedit ?
> > 
> > ldbedit -e <your favourite editor> -H /path/to/sam.ldb
> > 
> > This will display everything in the editor and you can then search
> > in that for the groups. You should then be able to create a filter
> > to delete the groups
> 
> 
> 
> Yes, the objects in question are displayed, one of them looks like
> this:
> 
> # record 46  
> dn:
> CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan
> cn:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
> instanceType: 4 whenCreated: 20180720113100.0Z
> uSNCreated: 5982
> name::
> cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
> objectGUID: ecbda919-4c16-4d06-9695-2540e35b44da objectSid:
> S-1-5-21-4144324718-2848790307-3888702956-3897 sAMAccountName::
> cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtc nc=
> sAMAccountType: 268435456
> groupType: -2147483646
> objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=iww,DC=lan
> gidNumber: 1448
> objectClass: top
> objectClass: posixGroup
> objectClass: group
> msSFU30NisDomain: iww
> whenChanged: 20180720113106.0Z
> uSNChanged: 15576
> distinguishedName::
> Q049cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taX
> NjaGUtcncsQ049VXNlcnMsREM9aXd3LERDPWxhbg==
> 
> However, "ldbdel -H /var/lib/samba/private/sam.ldb
> 'CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan'"
> doesn't work, it says "entry does not exist"

Try it without the single quotes around the DN
If this doesn't work, try opening AD in ldbedit again and manually
delete all the object lines (including the 'record' line)

By the way, I do hope you have a backup.

Rowland