[Samba] Missing Policies folder in AD and /var/lib/samba/sysvol

Rick Hollinbeck admin at westernwares.com
Wed Mar 19 22:32:16 UTC 2025


Rowland,

I took your advice and spun up a Debian bookworm VM and provisioned a 
new dummy DOMAIN.COM with Samba 4.17.12.

And yes, the sysvol Policies folder was created with the two GUIDs.

I zipped up and copied the Policies folders to my active FSMO Samba DC.

Now, running

#samba-tool ntacl sysvolreset

lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Processing section "[sysvol]"
Processing section "[netlogon]"
ldb_wrap open of idmap.ldb
lp_load_ex: refreshing parameters
Processing section "[global]"
Processing section "[sysvol]"
Processing section "[netlogon]"
... etc. ...

Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185, in _run
     return self.run(*args, **kwargs)
            ^^^^^^^^^^^^^^^^^^^^^^^^^
   File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line 412, in run
     provision.setsysvolacl(samdb, netlogon, sysvol,
   File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1754, in setsysvolacl
     set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
   File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1641, in set_gpos_acl
     set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
   File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1604, in set_dir_acl
     setntacl(lp, path, acl, domsid, session_info, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
   File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 228, in setntacl
     smbd.set_nt_acl(

I must still be missing something.

Do I need to do something besides copy the Policies folder to /var/lib?

Is this wiki page still relevant?
https://wiki.samba.org/index.php/Sysvolreset




