[Samba] GPO apply fails after rsync of SysVol.

Andrew Barlow andrew.barlow at gmail.com
Thu Sep 5 10:44:25 UTC 2019

Hi everyone,

I've got an interesting problem; I have a multi AD-DC setup using Samba 4.
They're using the rsync method to replicate SysVol as per the docs here:

If I create a new GPO on the main DC, it replicates just fine to the second
DC. However, when a client tries to apply those policies ("gpupdate /force"
on the client), I get an error saying the policy cannot be read. However,
if I run "samba-tool ntacl sysvolreset" on the second DC, the GPO then
applies perfectly.

I've checked using "getfacl" on the sysvol directory and its contents are
identical to the main DC.

Does anyone know if its harmful just to run "samba-tool ntacl sysvolreset"
after every rsync to the second DC? Or if this issue is well known at all?

Thanks in advance.

More information about the samba mailing list