samba - Jan 2021 - GPO Issue after adding second DC -> winning gpo Result: Failure (Error Code: 0x80070035)

On 28/01/2021 18:54, Marco Shmerykowsky via samba wrote:
>
>
> Just to add to this:
>
> If I run 'samba-tool ntacl sysvolcheck' on either server I get the 
> following:
I know you are syncing sysvol between the two DC's, but are you also 
syncing idmap.ldb from the first DC to the second ?

If you aren't, then you will probably have different xidNumbers on each DC.

Rowland

On 1/28/2021 2:02 PM, Rowland penny via samba wrote:
> On 28/01/2021 18:54, Marco Shmerykowsky via samba wrote:
>>
>>
>> Just to add to this:
>>
>> If I run 'samba-tool ntacl sysvolcheck' on either server I get
the
>> following:
> 
> I know you are syncing sysvol between the two DC's, but are you also 
> syncing idmap.ldb from the first DC to the second ?
> 
> If you aren't, then you will probably have different xidNumbers on each
DC.
> 
> Rowland
I did the sync once when I setup the server.  The docs on the
wiki seem to imply this is a one time step and not something
that needs to be done continuously.

I did find a configuration error on the new DC that may
have effected the was DNS was working, however after
correcting that the user still is reporting that after
logon, the GPO's are not being applied.

I can not replicate the problem on my end.

The results of the drive map according to gpresult
from the user's computer produce (Error Code: 0x80070035).