[Samba] Missing Policies folder in AD and /var/lib/samba/sysvol
Rowland Penny
rpenny at samba.org
Fri Mar 21 19:03:28 UTC 2025
On Fri, 21 Mar 2025 12:34:11 -0600
Rick Hollinbeck via samba <samba at lists.samba.org> wrote:
> Thanks, Rowland
>
> > Try running this on your Samba DC (altered to your setup):
>
> > sudo ldbsearch --show-binary -H /var/lib/samba/private/sam.ldb -P -b
> > 'CN=Policies,CN=System,DC=samdom,DC=example,DC=com' -s one
>
> Ok, I ran this on my server and...
> The GPO records were now there!
Yes, but how many ?
Please post the output.
>
> And... The Policies folder is also showing in Windows explorer.
>
> And... My GPO error events went away.
That 'ldbsearch' line will not have fixed anything.
>
> The population of sysvol in AD seems to have happened overnight,
> so perhaps this is done on some kind of schedule by Samba.
There is nothing in Samba to sync the Sysvol directories, but AD
replication will ensure that the databases on all DCs match (unless
something goes wrong and there are always non replicating attributes)
>
> But...
> sysvolcheck still fails on both my FSMO samba 4.17.12 DC and
> my secondary 4.21.4 DC as I showed in my last email.
I think you are now conflating what is in AD and what is in the sysvol
directories, they should correspond, sysvolreset uses the information
from AD to set the permissions in the sysvol directories. If there are
GPOs in AD, but not in sysvol, you get an error like the one you are
getting.
>
> But, as long as GPO seems to work now, I guess I don't need
> sysvolcheck to work.
Yes you do.
Rowland
More information about the samba
mailing list