[Samba] Replication only working one way

[Rowland penny]

On 14/07/2020 19:07, Peter Pollock wrote:
> Checking the databases against each other throws up pages and pages of 
> errors. The two are completely out of sync now.
>
> What I have seen is that for no apparent reason, one of the servers 
> suddenly decided it would sync with the Windows server, which appears 
> to have updated the schema. Yesterday when I compared the databases on 
> the two linux servers they only had a couple of errors, today, many 
> errors and now the schema says it is a different size:
>
> * Result for [CONFIGURATION]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://genesis:
>
>     dSASignature
>     serverReference
>
> Attributes with different values:
>
>     msDS-NC-Replica-Locations
>     extraColumns
>     mS-DS-ReplicatesNCReason
>     adminPropertyPages
>     appliesTo
>     attributeDisplayNames
>     masteredBy
>     interSiteTopologyGenerator
>     adminContextMenu
>     msDs-masteredBy
>     classDisplayName
>     revision
>
> * Comparing [SCHEMA] context...
>
> * DN lists have different size: 1789 != 1569
> CN=Dns-Zone-Scope,CN=Schema,CN=Configuration,DC=kcs,DC=local
>
> Genesis is, I believe, correct. Is there a way to force Luke to update 
> itself from Genesis completely?

You said 'Mathew' was a Windows 2008R2 DC, but 'CN=Dns-Zone-Scope' only 
appeared with Windows 2016, which Samba does not yet support. You have, 
undoubtedly and unwittingly, borked your Samba DC's.

If you wish to continue using Samba DC's, you will need to remove the 
Windows 2016 DC from the domain and then use 'Luke' as the main DC, 
hopefully this is still functioning correctly. Seize the FSMO roles to 
Luke, demote the other two DC's and clean them up, then join them to the 
domain again. If everything works okay, then you have been lucky, if it 
doesn't, then do you have backups from before the Windows 2016 dc was 
added ?

Rowland