[Samba] dbcheck and fix
bd730c5053df9efb
bd730c5053df9efb at proton.me
Tue Sep 24 18:29:50 UTC 2024
Hi all!
I demoted a samba 4.10.8 (slackware 14.2) ad dc called DC1 and joined to the domain a samba 4.20.4 (debian 12.7) called DC3. There is also a samba 4.18.9 (slackware 15.0) ad dc called DC2 which for the moment holds all the FSMO roles. The whole replacing an ad dc with another one worked out great but when I run the command samba-tool dbcheck --cross-ncs on DC2 I got 3 "NOTES" and 2 "WARNING" stating (the DN has been obscured and "513a2ea7-9ad8-496f-93db-2532cc6e9c45" was the GUID of DC1):
Checking 4694 objects
NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=NTDS Settings\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com - CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
Not fixing old string component
WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=7e37a80b-2ead-4031-8acc-6f995ef154aa,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com - <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4729>;<RMD_ORIGINATING_USN=3707>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
Not removing
WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=c178fbfd-d5dc-42fe-88d1-1a03f5e4222a,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com - <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4727>;<RMD_ORIGINATING_USN=3715>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
Not removing
NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=ee52ad50-8b1e-4597-bb00-8000af11ba33\0ADEL:b1d22847-24b7-4aeb-954a-6efc0078447a,CN=Deleted Objects,CN=Configuration,DC=ad,DC=samdom,DC=com - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for rIDSetReferences in object CN=DC1,CN=Computers,DC=ad,DC=samdom,DC=com - CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=samdom,DC=com
Not fixing old string component
Checked 4694 objects (2 errors)
So, after this I executed the command samba-tool dbcheck --cross-ncs --fix but as I wasn't sure about what it would do I answered "N" to all the questions, here is the transcript of the command:
Checking 4694 objects
NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=NTDS Settings\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com - CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
Change DN to <GUID=3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3>;CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com? [y/N/all/none]
Not fixing old string component
WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=7e37a80b-2ead-4031-8acc-6f995ef154aa,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com - <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4729>;<RMD_ORIGINATING_USN=3707>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
Remove stale DN link? [y/N/all/none]
Not removing
WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=c178fbfd-d5dc-42fe-88d1-1a03f5e4222a,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com - <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4727>;<RMD_ORIGINATING_USN=3715>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
Remove stale DN link? [y/N/all/none]
Not removing
NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=ee52ad50-8b1e-4597-bb00-8000af11ba33\0ADEL:b1d22847-24b7-4aeb-954a-6efc0078447a,CN=Deleted Objects,CN=Configuration,DC=ad,DC=samdom,DC=com - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
Change DN to <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;CN=NTDS Settings\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com? [y/N/all/none]
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for rIDSetReferences in object CN=DC1,CN=Computers,DC=ad,DC=samdom,DC=com - CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=samdom,DC=com
Change DN to <GUID=1acf56eb-0283-4a67-9970-91fa433885bd>;CN=RID Set,CN=DC1,CN=Computers,DC=ad,DC=samdom,DC=com? [y/N/all/none]
Not fixing old string component
Checked 4694 objects (2 errors)
I ask someone with more experience with this command, would it be safe to answer Y to these questions?
Thanks in advance!
Best regards,
Dave.
Sent with Proton Mail secure email.
More information about the samba
mailing list