Hi everyone, I've got an interesting problem; I have a multi AD-DC setup using Samba 4. They're using the rsync method to replicate SysVol as per the docs here: https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround. If I create a new GPO on the main DC, it replicates just fine to the second DC. However, when a client tries to apply those policies ("gpupdate /force" on the client), I get an error saying the policy cannot be read. However, if I run "samba-tool ntacl sysvolreset" on the second DC, the GPO then applies perfectly. I've checked using "getfacl" on the sysvol directory and its contents are identical to the main DC. Does anyone know if its harmful just to run "samba-tool ntacl sysvolreset" after every rsync to the second DC? Or if this issue is well known at all? Thanks in advance. Andrew