[Samba] samba 4.11.16 issue with demoting DC leaving reminants in sam.ldb

Jason Keltz jas at eecs.yorku.ca
Mon Dec 7 18:13:50 UTC 2020 

Hi.

Through a few experiments, I've tried to re-install my secondary domain 
controller 3 times.  Each time, I demoted the DC, then readded it.  The 
re-add  works fine, but I now notice that when I use "samba-tool drs 
uptodateness", It is reporting one unknown invocation ID for each past 
install:

Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a

How do I delete these entries from sam.ldb?

I added an extra line to "uptodateness", and it looks like this is 
coming from:

DC=ad,DC=eecs,DC=yorku,DC=ca
DC=ad,DC=eecs,DC=yorku,DC=ca
DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Schema,CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Schema,CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Schema,CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=DomainDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=DomainDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=DomainDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=ForestDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=ForestDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=ForestDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca

Previous messages from Andrew B and Rowland say not to use ldbedit to 
modify the database directly, so I don't want to mess with that.

samba-tool domain tombstones expunge doesn't help.

I've tried running a dbcheck (though I admittedly had to stop it after 
awhile because it was very intensive, and even when reniced to lowest 
priority, it stopped all logins to our system)...

Why is it that when demoting a DC, and following the instructions, these 
entries don't get deleted automatically? Is this a bug?

Anyone?

Jason.

More information about the samba mailing list