[Samba] restore deleted user (ldbrename) on samba 4.9.1 fails

Oliver Heinz o.heinz at schunk.net
Tue Oct 16 10:29:53 UTC 2018


The output below was on a test environment with only one DC (it is the 
wiki example domain with dc1 and m1).

So this way might be broken completely.

Did anybody try it the Microsoft way? The "new" Active Directory 
Administrative Centre seems not to work with Samba AD, right? Is 
anybody aware of other working methods like ldp.exe or PowerShell?

TIA,
Oliver

Am 15.10.18 um 16:27 schrieb Stefan Kania via samba:
> sorry it's not working any more. At least if you have more than one DC.
> I didn't get an answer to this problem so that's the reason why it will
> not be part of the new samba4 book :-(
>
>
> Am 15.10.2018 um 15:47 schrieb Oliver Heinz via samba:
>> Dear list,
>>
>> I am trying to restore a deleted user object with samba 4.9.1 (sernet
>> packages).  I am aware that the object will lose some attributes without
>> recycle bin enabled (enabling it is still not recommended, right?)
>> I tried to rename the object in order to make the  necessary
>> modifications afterward (as documented in Stefan Kania's Samba 4 book).
>> But ldbrename already fails.
>>
>> root at dc1:~# samba-tool user create testuser
>> New Password:
>> Retype Password:
>> User 'testuser' created successfully
>>
>> root at dc1:~# samba-tool user delete testuser
>> Deleted user testuser
>>
>> root at dc1:~# ldbsearch -H ldap://localhost -U administrator
>> --password="Passw0rd" --show-deleted "cn=testuser\0ADEL:*"
>> # record 1
>> dn: CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted
>> Objects,DC=samdom,DC=example,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> instanceType: 4
>> whenCreated: 20181015123644.0Z
>> uSNCreated: 4038
>> objectGUID: d4357200-a367-4601-93df-8c769f1d0e4f
>> objectSid: S-1-5-21-2104162034-3764151921-3268498227-1112
>> sAMAccountName: testuser
>> userAccountControl: 512
>> isDeleted: TRUE
>> lastKnownParent: CN=Users,DC=samdom,DC=example,DC=com
>> isRecycled: TRUE
>> cn:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
>> name:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
>> whenChanged: 20181015123702.0Z
>> uSNChanged: 4041
>> distinguishedName:
>> CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=D
>>   eleted Objects,DC=samdom,DC=example,DC=com
>>
>> # Referral
>> ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com
>>
>> # Referral
>> ref:
>> ldap://samdom.example.com/DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>>
>> # Referral
>> ref:
>> ldap://samdom.example.com/DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>>
>> # returned 4 records
>> # 1 entries
>> # 3 referrals
>>
>> root at dc1:~# ldbrename -H ldap://localhost -Uadministrator
>> --password="Passw0rd"
>> "CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted
>> Objects,DC=samdom,DC=example,DC=com"
>> "CN=testuser,CN=Users,DC=samdom,DC=example,DC=com"
>> rename of
>> 'CN=testuser\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted
>> Objects,DC=samdom,DC=example,DC=com' to
>> 'CN=testuser,CN=Users,DC=samdom,DC=example,DC=com' failed - LDAP error
>> 32 LDAP_NO_SUCH_OBJECT -  <00002030: ldb_wait from
>> ../source4/ldap_server/ldap_backend.c:487 with LDB_WAIT_ALL: No such
>> object (32)> <>
>>
>> Verbose and trace give no further hint. Any ideas? Seems to have worked in
>> earlier versions.
>>
>> With a regular LDAP we can use LDIF dumps to restore objects, not
>> comfortable but working. But this is not working for AD as it is not
>> allowed to objects with an objectSid, right?
>> Is there another (recommended) way to restore deleted objects
>> (particularly users and groups)?
>>
>>
>>
>> TIA,
>> Oliver

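The ldbsearch output in this thread is the raw material for any recovery attempt, so it helps to pull the restore facts out of it mechanically before touching the directory: the original CN hidden in the `CN=testuser\0ADEL:<GUID>` RDN, the `lastKnownParent` that gives the target DN for a rename, whether the GUID in the RDN agrees with `objectGUID`, whether the object is in the recycled stage (`isDeleted` plus `isRecycled`) rather than merely deleted, and which attributes the tombstone no longer carries. The following script is an added example, not code from this thread or from the Samba project. It assumes ldb's LDIF conventions (continuation lines start with one space, base64 values use `attr::`), a constructed `SAMPLE_LDIF` record modelled on the output above, and an illustrative `EXPECTED_ON_LIVE_USER` list of attributes a live user typically has; the list is not an authoritative schema.

```python
"""Inspect an 'ldbsearch --show-deleted' LDIF dump of a Samba AD tombstone
and derive what a restore would need: original CN, restore target DN, GUID
consistency, lifecycle stage, and attributes the tombstone no longer has.

Added example; not from the samba mailing list thread or the Samba project.
"""
import base64
import re

# Constructed sample in LDIF form, modelled on the ldbsearch output.
# "\\0A" in a Python string is the literal 3-character DN escape \0A
# (hex for newline) that AD puts into the RDN of a deleted object.
SAMPLE_LDIF = """\
# record 1
dn: CN=testuser\\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=Deleted Objects,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: user
instanceType: 4
objectGUID: d4357200-a367-4601-93df-8c769f1d0e4f
objectSid: S-1-5-21-2104162034-3764151921-3268498227-1112
sAMAccountName: testuser
userAccountControl: 512
isDeleted: TRUE
lastKnownParent: CN=Users,DC=samdom,DC=example,DC=com
isRecycled: TRUE
cn:: dGVzdHVzZXIKREVMOmQ0MzU3MjAwLWEzNjctNDYwMS05M2RmLThjNzY5ZjFkMGU0Zg==
distinguishedName: CN=testuser\\0ADEL:d4357200-a367-4601-93df-8c769f1d0e4f,CN=D
 eleted Objects,DC=samdom,DC=example,DC=com

# Referral
ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com

# returned 2 records
"""

ATTR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)(::?)\s*(.*)$")
DELETED_RDN_RE = re.compile(
    r"^CN=(?P<cn>.+?)\\0ADEL:(?P<guid>[0-9a-fA-F-]{36}),(?P<rest>.+)$")

# Attributes a live user object usually carries; constructed for
# illustration only, not an authoritative list of what AD strips.
EXPECTED_ON_LIVE_USER = ("givenName", "sn", "displayName", "userPrincipalName",
                         "memberOf", "primaryGroupID", "pwdLastSet")


def parse_ldif(text):
    """Return a list of records ({attr: [values]}) from LDIF text.
    Unfolds continuation lines (leading space), skips '#' comments and
    decodes base64 values written in the 'attr:: value' form."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # LDIF folding: append to previous line
        else:
            unfolded.append(raw)
    records, current = [], {}
    for line in unfolded:
        if line.startswith("#"):
            continue
        if not line.strip():                 # blank line ends a record
            if current:
                records.append(current)
                current = {}
            continue
        m = ATTR_RE.match(line)
        if not m:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        current.setdefault(attr, []).append(value)
    if current:
        records.append(current)
    return records


def entries(records):
    """Keep only real entries (records with a dn); referrals have none."""
    return [r for r in records if "dn" in r]


def analyse_tombstone(rec):
    """Derive restore facts from one deleted-object record."""
    dn = rec["dn"][0]
    m = DELETED_RDN_RE.match(dn)
    if not m:
        raise ValueError(f"not a deleted-object DN: {dn}")
    cn, guid = m.group("cn"), m.group("guid")
    # The cn attribute is base64 in the dump because its value embeds a real
    # newline: "<cn>\nDEL:<guid>". Use it to cross-check the DN parse.
    cn_from_attr, _, guid_from_attr = rec.get("cn", [""])[0].partition("\nDEL:")
    parent = rec.get("lastKnownParent", [None])[0]
    return {
        "original_cn": cn,
        "cn_consistent": cn_from_attr == cn and guid_from_attr.lower() == guid.lower(),
        "guid_matches_objectGUID": guid.lower() == rec.get("objectGUID", [""])[0].lower(),
        "restore_dn": f"CN={cn},{parent}" if parent else None,
        # isDeleted alone marks a deleted-object; isDeleted plus isRecycled
        # marks the recycled stage of the AD object lifecycle (MS-ADTS).
        "is_recycled": rec.get("isRecycled", ["FALSE"])[0].upper() == "TRUE",
        "missing_attributes": [a for a in EXPECTED_ON_LIVE_USER if a not in rec],
    }


if __name__ == "__main__":
    for rec in entries(parse_ldif(SAMPLE_LDIF)):
        for key, value in analyse_tombstone(rec).items():
            print(f"{key}: {value}")
```

Feeding a real dump through `parse_ldif` (stdin or a file) works the same way; the referral records that ldbsearch appends are dropped by `entries`. The `is_recycled` flag is the first thing to look at when triaging, since it tells you which stage of the object lifecycle the tombstone is in, and `missing_attributes` shows up front what would have to be re-entered from documentation or backups after any successful rename.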
