[Samba] Error when joining new DC

Peter Mittermayer samba.lists at outlook.com
Mon Dec 16 15:23:03 UTC 2024


Hi Rowland,

It's not a replication collision.

The two records with the same dn were created for the same person but they differ in sAMAccountName (vikasr & vikasraj, both with same email details).

I talked to the account owner and he told me that he is just using the second one. Therefore I will just delete the first one on the prod system. In my lab I have just changed the dn to CN=Vikas Rajan Duplicate,...

Looks like there is no check for duplicate dn when creating a user account in 4.11.17.

br

________________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org>
Sent: Monday, December 16, 2024 5:07 PM
To: samba at lists.samba.org
Cc: Rowland Penny
Subject: Re: [Samba] Error when joining new DC

On Mon, 16 Dec 2024 14:52:03 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:

> I see. Thanks for the clarification.
>
> Checking the details using debuglevel 10 I see this message:
>
> ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5583: Resolving
> conflict record via existing-record rename 'CN=Vikas
> Rajan,CN=Users,DC=SUB,DC=DOM,DC=TLDbg' -> 'CN=Vikas
> Rajan\0ACNF:de5b7fa1-e3ec-4631-a8d7-cdfc137ac3b7,CN=Users,DC=SUB,DC=DOM,DC=TLD'

That is what is known as a 'collision', at some time, the record was
created on one machine, it possibly was a bit slow in replicating, so
it was also created on another machine just at the same time as the
replication arrived and they collided. Or it was created on two
different machines at the same time, either way you cannot have two
identical records, so one became 'CN=Vikas
Rajan\0ACNF:de5b7fa1-e3ec-4631-a8d7-cdfc137ac3b7,CN=Users,DC=SUB,DC=DOM,DC=TLD'

>
> Although it was renamed and re-replicated:
> ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5605: With
> conflicting record renamed, re-apply replicated creation of 'CN=Vikas
> Rajan,CN=Users,DC=SUB,DC=DOM,DC=TLD'

Well yes, but that record probably already exists

>
> The whole transaction seems to fail. Maybe because it is still using
> the old dn instead of the renamed one.
>
> I renamed the dn manually using ldbrename and after that the join
> succeeds.
>

But what did you rename it to?

You might want to read this:

https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/rename-item-replication-collision

Rowland
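
An added example (not part of the thread and not Samba code): a small Python parser for debuglevel 10 output like the messages quoted above. It extracts each conflict rename, pulls the GUID out of the `\0ACNF:` RDN, and checks whether the re-applied DN matches the record that was renamed. The sample log, its DNs and GUID are constructed, and `parse_conflicts` is a hypothetical name.

```python
import re

# Constructed sample modelled on the debuglevel 10 messages quoted in the
# thread; the DNs and the GUID are made up for this example.
SAMPLE_LOG = r"""
../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5583: Resolving conflict record via existing-record rename 'CN=Test User,CN=Users,DC=example,DC=com' -> 'CN=Test User\0ACNF:11111111-2222-3333-4444-555555555555,CN=Users,DC=example,DC=com'
../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5605: With conflicting record renamed, re-apply replicated creation of 'CN=Test User,CN=Users,DC=example,DC=com'
"""

RENAME = re.compile(r"existing-record rename '(?P<old>[^']+)' -> '(?P<new>[^']+)'")
REAPPLY = re.compile(r"re-apply replicated creation of '(?P<dn>[^']+)'")
# Conflict DN shape: <original RDN>\0ACNF:<GUID>,<parent DN>.
# Simplification: assumes the RDN value contains no escaped comma.
CNF = re.compile(
    r"^(?P<rdn>[^,]+?)\\0ACNF:"
    r"(?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}),(?P<parent>.+)$",
    re.I,
)


def parse_conflicts(log):
    """Return one dict per conflict rename found in the log text."""
    text = " ".join(log.split())  # undo line wrapping (mail clients, terminals)
    reapplied = {m["dn"].lower() for m in REAPPLY.finditer(text)}
    results = []
    for m in RENAME.finditer(text):
        old, new = m["old"], m["new"]
        cnf = CNF.match(new)
        # Strip the CNF suffix to recover the DN the conflict record came from.
        restored = f"{cnf['rdn']},{cnf['parent']}" if cnf else None
        results.append({
            "old_dn": old,
            "conflict_dn": new,
            "guid": cnf["guid"].lower() if cnf else None,
            # False means the logged source and target DNs disagree.
            "matches_original": restored is not None
                                and restored.lower() == old.lower(),
            # True when the log also shows the creation re-applied at old_dn.
            "reapplied": old.lower() in reapplied,
        })
    return results


if __name__ == "__main__":
    for entry in parse_conflicts(SAMPLE_LOG):
        print(entry)
```
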
