[Samba] dbtool --cross-ncs and undeletable errors..
vincent at cojot.name
vincent at cojot.name
Tue Jan 22 20:19:10 UTC 2019
On Tue, 22 Jan 2019, Rowland Penny via samba wrote:
> On Tue, 22 Jan 2019 14:20:21 -0500 (EST)
> "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote:
>
>>
>> Hi All,
>>
>> On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02
>> and 03 are gone), I've noticed the following errors which I am unable
>> to fix.. Any hints?
>>
>> * Basic dbcheck is clean.
>>
>> [root at dc00 ~]# samba-tool dbcheck
>> Checking 327 objects
>> Checked 327 objects (0 errors)
>>
>> * Cross-NCS shows two errors related to a de-comissionned DC (dc02)
>> and cannot auto-fix this.. How do I fix those errors?
>>
>> [root at dc00 ~]# samba-tool dbcheck --cross-ncs --fix --yes
>> Checking 3574 objects
>> ERROR: no target object found for GUID component for link fromServer
>> in object
>> CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
>> - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS
>> Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
>> ERROR: target DN is deleted for fromServer in object
>> CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
>> - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS
>> Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
>> Target GUID points at deleted DN
>> '<GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS
>> Settings\\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn'
>> Remove DN link? [YES]
>> ERROR: Failed to remove deleted DN attribute fromServer : (65,
>> "objectclass_attrs: at least one mandatory attribute ('fromServer')
>> on entry
>> 'CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn'
>> wasn't specified!")
>>
>>
>> Thanks for any hints/pointers.
>>
>> Vincent
>>
>
> This isn't an error, if you look very carefully at the 'link' you will
> see 'DEL'. This means the record is a 'DELETED' record, you cannot
> delete a 'DELETED' record ;-)
>
> If you wait for 180 days minus the number of days since you
> decommissioned the DC, the record will just go away.
>
> Rowland
Hi Rowland,
Thank you for your quick reply. Is there a way to force an expire on those
things so I can get past those errors and only consider new errors as
'new'? It's been about 4-5 months since I removed those DCs but an
ldbsearch shows more objects in need of purge (Computers that were
removed, users too).
If I wanted to clean this manually, I guess I could do the following (but
I'm sure I'd -want- to do that):
export LDB_MODULES_PATH=/usr/lib64/samba/ldb
ldbedit -e nano -H /var/lib/samba/private/sam.ldb --cross-ncs \
--show-deleted --show-deactivated-link --extended-dn
(and then light a few candles, I guess)..
Is there a way to do that saefly using RSAT?
Thanks,
Vincent
More information about the samba
mailing list