samba - Mar 2021 - Problème de replication

Hello,
After many (too many) changes on my domain, I find myself in a situation
that I can?t get out of.
I have 2 domain controllers called ad03 and ad04 but replication doesn?t
work and their ldap differs like this :

samba-tool ldapcmp ldap://ad03 ldap://ad04 -v
ldb_wrap open of secrets.ldb
resolve_lmhosts: Attempting lmhosts lookup for name ad03<0x20>
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name ad04<0x20>
* Comparing [DOMAIN] context...
* Objects to be compared: 554
    Difference in attribute values:
        servicePrincipalName =>
[b'E3514235-4B06-11D1-AB04-00C04FC2DCD2/ceddd4ea-a2fc-4070-bd37-0505d51c6c7c/
domain.info', b'GC/ad04.domain.info/domain.info',
b'HOST/AD04', b'HOST/
ad04.domain.info']
[b'E3514235-4B06-11D1-AB04-00C04FC2DCD2/ceddd4ea-a2fc-4070-bd37-0505d51c6c7c/
domain.info', b'GC/ad04.domain.info/domain.info',
b'HOST/AD04', b'HOST/
ad04.domain.info', b'HOST/ad04.domain.info/DOMAIN', b'HOST/
ad04.domain.info/domain.info', b'RestrictedKrbHost/AD04',
b'RestrictedKrbHost/ad04.domain.info', b'ldap/AD04',
b'ldap/ad04.domain.info',
b'ldap/ad04.domain.info/DomainDnsZones.domain.info', b'ldap/
ad04.domain.info/ForestDnsZones.domain.info',
b'ldap/ad04.domain.info/DOMAIN',
b'ldap/ad04.domain.info/domain.info',
b'ldap/ceddd4ea-a2fc-4070-bd37-0505d51c6c7c._msdcs.domain.info']
    FAILED
* Result for [DOMAIN]: FAILURE
SUMMARY
---------
Attributes with different values:
    servicePrincipalName
* Comparing [CONFIGURATION] context...
* DN lists have different size: 1622 != 1623
    CN=87B79F9E-8A4F-4DF7-8A30-67F11FAD6AFD,CN=NTDS
SETTINGS,CN=AD04,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC=DOMAIN,DC=INFO
* Objects to be compared: 1622
* Result for [CONFIGURATION]: FAILURE
SUMMARY
---------
* Comparing [SCHEMA] context...
* Objects to be compared: 1550
ERROR: Compare failed: -1
* Result for [SCHEMA]: SUCCESS
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 136
* Result for [DNSDOMAIN]: SUCCESS
* Comparing [DNSFOREST] context...
* Objects to be compared: 36
* Result for [DNSFOREST]: SUCCESS
root at ad03:/#

Can you help me?

Matthias

----------Texte original-----------
Bonjour,

Apr?s beaucoup (trop) de modifications sur mon domaine, je me retrouve dans
une situation dont je n'arrive pas a me sortir.

J'ai 2 contr?leur de domaine appel? ad03 et ad04 mais la r?plication ne
fonctionne pas et leur ldap diff?re comme cela :

Pouvez-vous m'aider?

On 11/03/2021 17:29, matthieu le roy via samba wrote:
> Hello,
> After many (too many) changes on my domain, I find myself in a situation
> that I can?t get out of.
> I have 2 domain controllers called ad03 and ad04 but replication doesn?t
> work and their ldap differs like this :
>
> samba-tool ldapcmp ldap://ad03 ldap://ad04 -v
> ldb_wrap open of secrets.ldb
> resolve_lmhosts: Attempting lmhosts lookup for name ad03<0x20>
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'http_negotiate' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> resolve_lmhosts: Attempting lmhosts lookup for name ad04<0x20>
> * Comparing [DOMAIN] context...
> * Objects to be compared: 554
>      Difference in attribute values:
>          servicePrincipalName =>
>
[b'E3514235-4B06-11D1-AB04-00C04FC2DCD2/ceddd4ea-a2fc-4070-bd37-0505d51c6c7c/
> domain.info', b'GC/ad04.domain.info/domain.info',
b'HOST/AD04', b'HOST/
> ad04.domain.info']
>
[b'E3514235-4B06-11D1-AB04-00C04FC2DCD2/ceddd4ea-a2fc-4070-bd37-0505d51c6c7c/
> domain.info', b'GC/ad04.domain.info/domain.info',
b'HOST/AD04', b'HOST/
> ad04.domain.info', b'HOST/ad04.domain.info/DOMAIN', b'HOST/
> ad04.domain.info/domain.info', b'RestrictedKrbHost/AD04',
> b'RestrictedKrbHost/ad04.domain.info', b'ldap/AD04',
b'ldap/ad04.domain.info',
> b'ldap/ad04.domain.info/DomainDnsZones.domain.info', b'ldap/
> ad04.domain.info/ForestDnsZones.domain.info',
b'ldap/ad04.domain.info/DOMAIN',
> b'ldap/ad04.domain.info/domain.info',
> b'ldap/ceddd4ea-a2fc-4070-bd37-0505d51c6c7c._msdcs.domain.info']
>      FAILED
> * Result for [DOMAIN]: FAILURE
> SUMMARY
> ---------
> Attributes with different values:
>      servicePrincipalName
> * Comparing [CONFIGURATION] context...
> * DN lists have different size: 1622 != 1623
>      CN=87B79F9E-8A4F-4DF7-8A30-67F11FAD6AFD,CN=NTDS
>
SETTINGS,CN=AD04,CN=SERVERS,CN=DEFAULT-FIRST-SITE-NAME,CN=SITES,CN=CONFIGURATION,DC=DOMAIN,DC=INFO
> * Objects to be compared: 1622
> * Result for [CONFIGURATION]: FAILURE
> SUMMARY
> ---------
> * Comparing [SCHEMA] context...
> * Objects to be compared: 1550
> ERROR: Compare failed: -1
> * Result for [SCHEMA]: SUCCESS
> * Comparing [DNSDOMAIN] context...
> * Objects to be compared: 136
> * Result for [DNSDOMAIN]: SUCCESS
> * Comparing [DNSFOREST] context...
> * Objects to be compared: 36
> * Result for [DNSFOREST]: SUCCESS
> root at ad03:/#
>
Have you tried 'samba-tool dbcheck' and 'samba-tool drs
replicate' ?

Rowland