[Samba] How to determine DNS anomaly

Rowland Penny rpenny at samba.org
Tue May 10 07:59:36 UTC 2022


On Tue, 2022-05-10 at 09:29 +0200, Hakim Liso via samba wrote:
> Hello
> 
> Ldapcmp got me closer.
> 
> * Comparing [CONFIGURATION] context...
> 
> * DNs found only in ldap://dc01:
>     CN=dc02,CN=NTDS
> SETTINGS,CN=dc01,CN=SERVERS,CN=loc1,CN=SITES,CN=CONFI

I have nothing like the above, but this could be because I only use the
default site. However, if it exists on one DC, it should exist on all
DCs.

> 
> * DNs found only in ldap://dc02:
>    CN=1C2E8F02-9175-4E72-AEF0-E9C5F1644072,CN=NTDS
> SETTINGS,CN=dc01,CN=SERVERS,
> 
> * Objects to be compared: 1629
> 
> Comparing:
> 'CN=NTDS SITE
> SETTINGS,CN=loc2,CN=SITES,CN=CONFIGURATION,DC=my,DC=domain'
> 'CN=NTDS SITE
> SETTINGS,CN=loc2,CN=SITES,CN=CONFIGURATION,DC=my,DC=domain'
>     Difference in attribute values:
>         interSiteTopologyGenerator =>
> [b'CN=NTDS Settings\\0ADEL:4bbda5e7-f07e-4748-9f01-
> 3742c9839bda,CN=dc02\\0ADEL:0ntern']

That is a deleted record.

> [b'CN=NTDS
> Settings,CN=dc02,CN=Servers,CN=loc2,CN=Sites,CN=Configuration,
> 
>     FAILED
> 
> * Result for [CONFIGURATION]: FAILURE
> 
> SUMMARY
> ---------
> 
> Attributes with different values:
> 
>     interSiteTopologyGenerator
> ERROR: Compare failed: -1
> 
> Those seem to be the source of error.
> Can I manually update them? I'm worried I'll end up worse if I try.

Do not try to manually add them, you could end up with collisions.

I would first run 'samba-tool dbcheck' on each DC and then fix any
errors found, then 'samba-tool drs replicate' to force a replication if
still required.

Rowland
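
Added example, not part of the original message and not Samba code: a small Python parser that scans saved 'samba-tool ldapcmp' output for attribute values that still point at deleted objects, recognised by the \0ADEL:<GUID> marker in an RDN as in the interSiteTopologyGenerator value above. The sample output is constructed, and the parser assumes unwrapped output with the first value list belonging to the first URL given to ldapcmp.

```python
import re

# An RDN of a deleted object: "<attr>=<name>\0ADEL:<objectGUID>".
# ldapcmp prints values as Python bytes reprs, so the backslash shows up doubled.
DELETED_RDN = re.compile(
    r"([A-Za-z]+=[^,\\]+)\\+0ADEL:"
    r"([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})"
)
ATTR_LINE = re.compile(r"^\s+(\w+) =>\s*$")

# Constructed sample (example.test domain and GUIDs are made up).
SAMPLE = r"""
Comparing:
'CN=NTDS Site Settings,CN=loc2,CN=Sites,CN=Configuration,DC=example,DC=test'
'CN=NTDS Site Settings,CN=loc2,CN=Sites,CN=Configuration,DC=example,DC=test'
    Difference in attribute values:
        interSiteTopologyGenerator =>
[b'CN=NTDS Settings\\0ADEL:11111111-2222-3333-4444-555555555555,CN=dc02\\0ADEL:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee,CN=Deleted Objects,CN=Configuration,DC=example,DC=test']
[b'CN=NTDS Settings,CN=dc02,CN=Servers,CN=loc2,CN=Sites,CN=Configuration,DC=example,DC=test']
    FAILED
"""

def deleted_refs(value):
    """Return (original RDN, objectGUID) pairs for each deleted RDN in a value."""
    return [(m.group(1), m.group(2).lower()) for m in DELETED_RDN.finditer(value)]

def stale_references(ldapcmp_output):
    """List attributes whose value on one host references a deleted object."""
    findings = []
    lines = ldapcmp_output.splitlines()
    for i, line in enumerate(lines):
        m = ATTR_LINE.match(line)
        if not m:
            continue
        # Collect the value lists printed directly under "<attribute> =>".
        values = []
        for nxt in lines[i + 1:]:
            if not nxt.startswith("["):
                break
            values.append(nxt)
        # Assumption: host 1 is the first URL passed to ldapcmp, host 2 the second.
        for host, value in enumerate(values[:2], start=1):
            refs = deleted_refs(value)
            if refs:
                findings.append({"attribute": m.group(1), "host": host, "deleted": refs})
    return findings

if __name__ == "__main__":
    for f in stale_references(SAMPLE):
        print(f"{f['attribute']}: host {f['host']} references deleted {f['deleted']}")
```

A hit tells you which DC holds the stale value, which is the side to look at first when running dbcheck on each DC.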




