[Samba] dns replication error due to deleted records

[Rowland penny]

On 11/10/2019 18:50, Luca Olivetti via samba wrote:
> El 11/10/19 a les 17:29, Rowland penny via samba ha escrit:
>> On 11/10/2019 16:02, Luca Olivetti via samba wrote:
>>> El 11/10/19 a les 16:59, Luca Olivetti via samba ha escrit:
>>>> El 11/10/19 a les 16:12, Rowland penny via samba ha escrit:
>>>>> Try running this on a DC:
>>>>>
>>>>> samba-tool ldapcmp ldap://DC1 ldap://DC2 
>>>>> --filter='whenChanged,dc,DC,cn,CN,ou,OU'
>>>>>
>>>>> Replace 'DC1' and 'DC2' with your actual DC short hostnames
>>>>>
>>>>> It should tell you the differences.
>>>>
>>>> The list is too long to post here.
>>>
>>> it's here:
>>>
>>> https://pastebin.com/UFEPvgjX
>>
>>
>> Your main problem appears to be that you have a lot of duplicate 
>> objects in the DNSDOMAIN context, these are the records with '0ACNF' 
>> in them.
>>
>> Have you stopped your Windows clients from updating their own records ?
>>
>> As you are using dhcp, I would delete all those records (they will 
>> get recreated if required), then run on the DC with the PDC Emulator 
>> FSMO role:
>>
>> samba-tool drs replicate <destinationDC> <sourceDC>
>
> I'll try this on Monday, but I don't understand why this happened. 
> After all I never modified directly the database (I just did that now 
> to delete the records that stopped the replication), I only used 
> published interfaces (either rsat, policy editor, windows dns or 
> samba-tool).
>
> And should I worry about the differences in versionNumber, pwLastSet, 
> dnsRecord?
>
> Bye
>
You are getting collisions, the same data is being added to AD on both 
DCs virtually at the same time, on one DC by your dhcp script and on the 
other by the Windows client, then replication occurs and you cannot have 
two objects with the same DN, so one gets renamed. You need to check if 
some of your clients are updating their own dns records and stop them 
doing it.

As for the other attributes, hopefully a forced replication will fix those.

Rowland