[Samba] SID ... conflicts with our current RID set in ...
rpenny at samba.org
Tue Jun 1 16:31:42 UTC 2021
On 01/06/2021 17:07, Marco Gaiarin via samba wrote:
> Doing some health check on my samba AD domain, i've got this:
> root at vdcpp1:~# samba-tool dbcheck --cross-ncs
> Checking 5173 objects
> [... some warnings...]
> SID S-1-5-21-160080369-3601385002-3131615632-2100 for CN=ENRICO,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it conflicts with our current RID set in CN=RID Set,CN=VDCPP1,OU=Domain Controllers,DC=ad,DC=fvg,DC=lnf,DC=it
> Please use --fix to fix these errors
> Checked 5173 objects (1 errors)
> Two question:
> 1) why this error is DC specific and not domain-wide?
Because every DC has (or should have) its own RID pool
> DC RID is not
> written in AD but only in local DB?
RID's are in AD
> If i run 'samba-tool dbcheck --cross-ncs' in another DC, there's no error...
Different RID pool
> 2) it is safe to use '--fix'? Or, because 'ENRICO' is a simple windows
> pc, it is safer to simply delete 'ENRICO' computer account and rejoin
Try '--fix' first, you can always fall back to leaving the domain and
rejoining if it doesn't work.
More information about the samba