[Samba] demoted AD remains in samba-tool drs showrepl
Denis CARDON
dcardon at tranquil.it
Wed Apr 29 09:47:17 UTC 2020
Hi Benedikt,
Le 29/04/2020 à 10:21, Benedikt Kaleß via samba a écrit :
> Dear list,
> in this corona crisis a delivery of a AD to a location abroad takes
> longer than I expected. I demoted the AD which is in delivery with
>
> samba-tool domain demote --remove-other-dead-server=ADDC3
>
> If I know trigger a
>
> samba-tool drs showrepl
>
> I still see him in the list:
>
> CN=Configuration,DC=example,DC=com
> NTDS DN: CN=NTDS
> Settings\0ADEL:490b60eb-3616-4f02-87c2-32b6653bfa22,CN=ADDC3\0ADEL:d424f125-bca9-4d37-907b-4b83b5558197,CN=Servers,CN=location,CN=Sites,CN=Configuration,DC=example,DC=cm
> DSA object GUID: 490b60eb-3616-4f02-87c2-32b6653bfa22
> Last attempt @ Wed Apr 22 09:29:19 2020 CEST failed, result 2
> (WERR_FILE_NOT_FOUND)
> 44689 consecutive failure(s).
> Last success @ NTTIME(0)
>
> A samba-tool dbcheck list this entry as well:
it is normal for ADDC3 object to go to deleted object. The GUID
reference in the repsfrom repsto attribute is still there however. It
should go away by itself after some time.
If you want to make it go faster you can run "samba_kcc". It will
recheck the NTDSConnection and the repsFrom repsTo attribute and should
clean them. ADDC3 will still be in Deleted Objects but won't be
referenced anymore and the spurious message should go away.
Cheers,
Denis
>
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for
> lastKnownParent in object CN=RID
> Set\0ADEL:e1e17d3e-92ac-4f33-98ce-635edabf6166,CN=Deleted
> Objects,DC=zfd,DC=forumzfd,DC=de - CN=ADDC3,OU=Domain
> Controllers,DC=example,DC=com
>
> I don't see that server in "Active Directory Locations" tool any more.
>
> How can I get rid of these entries in the ldap database?
>
> Best regards
> Benedikt
>
More information about the samba
mailing list