[Samba] Missing security descriptor reference domain
Rowland Penny
rpenny at samba.org
Tue Jan 17 14:41:12 UTC 2023
On 17/01/2023 14:13, Thorsten Marquardt via samba wrote:
> Hi,
>
> to check my domain I ran
>
> dcdiag /s:srv-kb-dc1
>
> Windows PC an get some errors/warnings:
>
> The following text is google translated of the german report. I don't
> know how close this translation is to the english orginal:
>
> Starting test: CheckSDRefDom
>
> A security descriptor reference domain is missing from the application
> directory partition DC=ForestDnsZones,DC=local,DC=dom. The msDS-SD
> reference domain attribute of the locator object
> CN=cb41f9cf-e031-4122-919b-059f46a9ecaf,CN=Partitions,CN=Configuration,DC=local,DC=dom must be set to the DN of a domain by the administrator will.
Google translate is only so good, it has an habit of splitting up words,
msDS-SD reference domain is actually an attribute called
'msDS-SDReferenceDomain'
Yes, this is in the Samba schema, but it isn't used. One reason is that
there is only one domain in Samba AD, so it is obvious which domain
group is in charge.
>
>
> Is this somthing I have to worry about? Can this be fixed (how) or
> ignorred?
Your questions answered in order:
No
No need
Yes, you can ignore it, I always have.
Rowland
More information about the samba
mailing list