[Samba] Following up on the GPO/Sysvolreset conversation

Rowland penny rpenny at samba.org
Fri Jan 29 19:58:53 UTC 2021

On 29/01/2021 19:34, Hans Rasmussen via samba wrote:
> OK, so quite a while ago, I did do the bad thing and did a sysvolreset on
> our network with 2 DC's (DC1 and DC2) thinking that .  I have a number of
> GPO's and Domain Admins has a GID.  DC1 replicates sysvol to DC2 via rsync.
> DC1 holds all the FSMO's. Windows Group Policy Management shows DC2 as a
> "Domain Controller with replication in progress" but also shows SysVol as
> Inaccessible.
> The Domain functions correctly if DC1 or DC2 is down as far as I can tell.
> Running Samba Version 4.7.6-Ubuntu on Ubuntu 18.04.1 on both DC's
It would be better if you upgraded to 20.04, this would get you a much 
later version of Samba
> So, how borked am I?  Are there any steps I can take to fix my original
> egregious error.

You have a couple of options here, remove the gidNumber from Domain 
Admins, or remove 'idmap_ldb:use rfc2307  = yes' from the DC's smb.conf, 
either will turn the group back into 'ID_TYPE_BOTH'. You can then run 
sysvolcheck and sysvolreset, you will also need to ensure that idmap.ldb 
is the same on all DC's


More information about the samba mailing list