[Samba] samba AD - bind - deleted DNS entries are not removed completely

Rowland Penny rpenny at samba.org
Wed Nov 21 20:09:17 UTC 2018

On Wed, 21 Nov 2018 20:48:34 +0100
Kacper Wirski via samba <samba at lists.samba.org> wrote:

> So in my case - is it safe to delete directly using ldbdel or using 
> windows ADSI gui ldap editor? Or is there another way? What is the
> right way to do it?
> something like:
> ldbdel -H /usr/local/samba/private/sam.ldb 
> -b"DC=DomainDnsZones,DC=mydomain,DC=com '(dNSTombstoned: TRUE)' ?

Close, the syntax is:

ldbdel -H /path/to/sam.ldb The_Full_DN_To_Delete

You may or may not need to authenticate.

> I read in samba 4.9 new features release notes about scavenging but
> I'm not sure if it's the same thing as in the posted link and anyway
> - this feature only supposedly works only in new zones.

Yes that's it


More information about the samba mailing list