[Samba] Undeletable objects in AD

Henry Jensen hjensen at mailbox.org
Mon Jul 23 13:01:19 UTC 2018


On Mon, 23 Jul 2018 13:12:42 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Mon, 23 Jul 2018 14:02:45 +0200
> Henry Jensen via samba <samba at lists.samba.org> wrote:
> > 
> > Yes, the objects in question are displayed, one of them looks like
> > this:
> > 
> > # record 46
> > dn: CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan
> > cn:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
> > instanceType: 4
> > whenCreated: 20180720113100.0Z
> > uSNCreated: 5982
> > name:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
> > objectGUID: ecbda919-4c16-4d06-9695-2540e35b44da
> > objectSid: S-1-5-21-4144324718-2848790307-3888702956-3897
> > sAMAccountName:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
> > sAMAccountType: 268435456
> > groupType: -2147483646
> > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=iww,DC=lan
> > gidNumber: 1448
> > objectClass: top
> > objectClass: posixGroup
> > objectClass: group
> > msSFU30NisDomain: iww
> > whenChanged: 20180720113106.0Z
> > uSNChanged: 15576
> > distinguishedName:: Q049cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcncsQ049VXNlcnMsREM9aXd3LERDPWxhbg==
> > 
> > However, "ldbdel -H /var/lib/samba/private/sam.ldb
> > 'CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan'"
> > doesn't work, it says "entry does not exist"  
> 
> Try it without the single quotes around the DN
> If this doesn't work, try opening AD in ldbedit again and manually
> delete all the object lines (including the 'record' line)

I tried it on my test environment (didn't want to do it in production) first.

Still no luck - when I delete the entire object with ldbedit it says

"failed to delete CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan
- objectclass: Cannot delete CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan,
entry does not exist!"

So, no chance to get them out of there the easy way?

Strange how they got in there in the first place by classicupgrade.
Because I knew that umlauts can lead to problems I renamed those
objects in the original OpenLDAP tree before doing the classicupgrade.

The renamed groups got migrated to AD and I can manage them without
problems, but there are also the groups with umlauts (they even have the same GIDs).


Kind regards,
Henry
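
An added example, not part of the original message and not Samba code: a byte-level check of the record quoted above. It unfolds and decodes the base64 `distinguishedName` value and reports which encoding of a typed DN equals the stored bytes. The thread does not establish an encoding mismatch as the cause; the function names and the shortened record are constructed for illustration.

```python
import base64
import unicodedata

# Constructed sample: three attributes copied from the record quoted above,
# with the long base64 value folded as an LDIF continuation line.
RECORD = """\
dn: CN=projekt-st.wendel-wvw-technisch-\u00f6konomische-rw,CN=Users,DC=iww,DC=lan
gidNumber: 1448
distinguishedName:: Q049cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taX
 NjaGUtcncsQ049VXNlcnMsREM9aXd3LERDPWxhbg==
"""

def parse_ldif_record(text):
    """Return {attribute: [bytes, ...]}; unfolds continuation lines, decodes '::' values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded line: drop the leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode("utf-8")
        attrs.setdefault(name, []).append(value)
    return attrs

def matching_encodings(candidate, stored):
    """Labels of the byte encodings of `candidate` that equal the stored value."""
    nfc = unicodedata.normalize("NFC", candidate)
    forms = {
        "utf-8/NFC": nfc.encode("utf-8"),
        "utf-8/NFD": unicodedata.normalize("NFD", candidate).encode("utf-8"),
        "latin-1": nfc.encode("latin-1", "replace"),
    }
    return [label for label, data in forms.items() if data == stored]

def non_ascii_bytes(value):
    """Hex of every non-ASCII byte, showing how the umlaut is actually stored."""
    return bytes(b for b in value if b > 0x7F).hex()

if __name__ == "__main__":
    rec = parse_ldif_record(RECORD)
    stored = rec["distinguishedName"][0]
    typed = rec["dn"][0].decode("utf-8")
    print(non_ascii_bytes(stored), matching_encodings(typed, stored))
```
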
