[Samba] Fwd: GPO incomplete / missing -> samba-tool crash
Rowland Penny
rpenny at samba.org
Mon Jan 10 17:32:37 UTC 2022
On Mon, 2022-01-10 at 18:23 +0100, Kees van Vloten via samba wrote:
> On 10-01-2022 18:10, Rowland Penny via samba wrote:
> > On Mon, 2022-01-10 at 18:04 +0100, Kees van Vloten via samba wrote:
> > > On 10-01-2022 17:59, David Mulder via samba wrote:
> > > > Check in adsi under CN=Policies,CN=System. You probably have
> > > > the
> > > > policy listed there in ldap still, which I assume needs to be
> > > > removed.
> > > > It'll be called CN={75991237-941B-47B9-AF67-853781EA44B3}
> > > Thanks David!
> > >
> > > I have no Windows machine at hand, will 'ldb*' do the same?
> > Yes it would, but if you have another DC and if it is still there,
> > you
> > could sync it back.
> >
> > Rowland
> >
> >
> >
> I have 2 DCs and it is gone on both. I guess the automatic sync did
> what
> it is supposed to do :-) .
> I am using the osync solution from wiki:
> https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround.
>
> Since I have the default policies only at the moment, I am a bit
> puzzled
> what happened, since there are still 2 policies on the filesystem
> but
> indeed 3 in LDAP in 'CN=Policies,CN=System,DC=samdom,DC=net'.
>
> Would there be any way to find a clue what the 3rd was?
Possibly, if it is using a standard GUID, but this unlikely.
You are going to have to remove it from AD, not entirely sure how.
Do you have a backup you could obtain it from ?
Rowland
More information about the samba
mailing list