[Samba] Replication between DCs seems broken after deleting a domain member
Rowland Penny
rpenny at samba.org
Tue Sep 7 12:55:06 UTC 2021
On Tue, 2021-09-07 at 13:59 +0200, Arne Zachlod via samba wrote:
> Hi, sorry for digging this thread up, but I still have a problem
> with
> this. ADDC08 is still not replicating correctly from addc13, and
> there
> seems to be no course of action that helps with the manual
> replication.
> does anyone have an idea on how to fix this?
>
> On 6/7/21 5:21 PM, Arne Zachlod via samba wrote:
> > On 6/7/21 4:50 PM, Rowland penny via samba wrote:
> > > Yes, but how did you delete it, did you just remove the
> > > computers
> > > record ?
> >
> > yes, if I remember correctly, thats exactly what I did. I think
> > there
> > was some error when trying the leave command, but of course I
> > didn't
> > save any output.
> >
> > > If you did, then I would suggest you don't do it that way again,
> > > you
> > > should 'leave' the domain from the computer.
> >
> > will do.
> >
> > > Use samba-tool to replicate from a good DC to addc08
> >
> > well, I tried it as suggested here:
> >
> > https://wiki.samba.org/index.php/Manually_Replicating_Directory_Partitions
> >
> > but the error persists, so I tried replicating Computers as well,
> > but it
> > didn't work:
> >
> > root at addc08:~# samba-tool drs replicate addc08 addc16
> > CN=Computers,DC=int,DC=company,DC=de --full-sync
> > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed
> > -
> > drsException: DsReplicaSync failed (8440, 'WERR_DS_DRA_BAD_NC')
> > File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line
> > 577,
> > in run
> > drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> > source_dsa_guid, NC, req_options)
> > File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line
> > 92, in
> > sendDsReplicaSync
> > raise drsException("DsReplicaSync failed %s" % estr)
> >
> > do you have any more ideas? Not sure if it's important, but addc08
> > is
> > also the FSMO master.
> >
> > thanks for your help, it's very much appreciated
> >
> > Arne
I suggest you try what I proposed early, replicate from a good DC to
the bad DC. I should also point out that
'CN=Computers,DC=int,DC=company,DC=de' isn't an 'NC' or naming context,
I suggest you read this:
https://docs.microsoft.com/en-us/windows/win32/ad/naming-contexts-and-partitions
Try the replication command without 'CN=Computers'
Rowland
More information about the samba
mailing list