[Samba] dbcheck and fix

bd730c5053df9efb bd730c5053df9efb at proton.me
Fri Sep 27 11:16:39 UTC 2024 

On Tuesday, September 24th, 2024 at 15:29, bd730c5053df9efb via samba <samba at lists.samba.org> wrote:

> Hi all!
> 
> I demoted a samba 4.10.8 (slackware 14.2) ad dc called DC1 and joined to the domain a samba 4.20.4 (debian 12.7) called DC3. There is also a samba 4.18.9 (slackware 15.0) ad dc called DC2 which for the moment holds all the FSMO roles. The whole replacing an ad dc with another one worked out great but when I run the command samba-tool dbcheck --cross-ncs on DC2 I got 3 "NOTES" and 2 "WARNING" stating (the DN has been obscured and "513a2ea7-9ad8-496f-93db-2532cc6e9c45" was the GUID of DC1):
> Checking 4694 objects
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=NTDS Settings\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com - CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> Not fixing old string component
> WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=7e37a80b-2ead-4031-8acc-6f995ef154aa,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com - <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4729>;<RMD_ORIGINATING_USN=3707>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> 
> Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
> Not removing
> WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=c178fbfd-d5dc-42fe-88d1-1a03f5e4222a,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com - <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4727>;<RMD_ORIGINATING_USN=3715>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> 
> Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
> Not removing
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=ee52ad50-8b1e-4597-bb00-8000af11ba33\0ADEL:b1d22847-24b7-4aeb-954a-6efc0078447a,CN=Deleted Objects,CN=Configuration,DC=ad,DC=samdom,DC=com - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for rIDSetReferences in object CN=DC1,CN=Computers,DC=ad,DC=samdom,DC=com - CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=samdom,DC=com
> Not fixing old string component
> Checked 4694 objects (2 errors)
> 
> So, after this I executed the command samba-tool dbcheck --cross-ncs --fix but as I wasn't sure about what it would do I answered "N" to all the questions, here is the transcript of the command:
> Checking 4694 objects
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=NTDS Settings\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com - CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> Change DN to <GUID=3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3>;CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com? [y/N/all/none]
> 
> Not fixing old string component
> WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=7e37a80b-2ead-4031-8acc-6f995ef154aa,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com - <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4729>;<RMD_ORIGINATING_USN=3707>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> 
> Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
> Remove stale DN link? [y/N/all/none]
> Not removing
> WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=c178fbfd-d5dc-42fe-88d1-1a03f5e4222a,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com - <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4727>;<RMD_ORIGINATING_USN=3715>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> 
> Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
> Remove stale DN link? [y/N/all/none]
> Not removing
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=ee52ad50-8b1e-4597-bb00-8000af11ba33\0ADEL:b1d22847-24b7-4aeb-954a-6efc0078447a,CN=Deleted Objects,CN=Configuration,DC=ad,DC=samdom,DC=com - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> Change DN to <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;CN=NTDS Settings\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com? [y/N/all/none]
> 
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for rIDSetReferences in object CN=DC1,CN=Computers,DC=ad,DC=samdom,DC=com - CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=samdom,DC=com
> Change DN to <GUID=1acf56eb-0283-4a67-9970-91fa433885bd>;CN=RID Set,CN=DC1,CN=Computers,DC=ad,DC=samdom,DC=com? [y/N/all/none]
> 
> Not fixing old string component
> Checked 4694 objects (2 errors)
> 
> I ask someone with more experience with this command, would it be safe to answer Y to these questions?
> 
> Thanks in advance!
> Best regards,
> Dave.
> 
> Sent with Proton Mail secure email.
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

Hi all!

I answer myself just in case someone comes here looking for this. I took a snapshot of the VM's where the dc's are running before running the fix just in case. I ran the command "samba-tool dbcheck --cross-ncs --fix" command and answered Y to the questions and everything seems to be working ok.

Best regards.
Dave.

More information about the samba mailing list