Rowland Penny
2022-Jan-10 17:10 UTC
[Samba] Fwd: GPO incomplete / missing -> samba-tool crash
On Mon, 2022-01-10 at 18:04 +0100, Kees van Vloten via samba wrote:> On 10-01-2022 17:59, David Mulder via samba wrote: > > Check in adsi under CN=Policies,CN=System. You probably have the > > policy listed there in ldap still, which I assume needs to be > > removed. > > It'll be called CN={75991237-941B-47B9-AF67-853781EA44B3} > Thanks David! > > I have no Windows machine at hand, will 'ldb*' do the same?Yes it would, but if you have another DC and if it is still there, you could sync it back. Rowland
Kees van Vloten
2022-Jan-10 17:23 UTC
[Samba] Fwd: GPO incomplete / missing -> samba-tool crash
On 10-01-2022 18:10, Rowland Penny via samba wrote:> On Mon, 2022-01-10 at 18:04 +0100, Kees van Vloten via samba wrote: >> On 10-01-2022 17:59, David Mulder via samba wrote: >>> Check in adsi under CN=Policies,CN=System. You probably have the >>> policy listed there in ldap still, which I assume needs to be >>> removed. >>> It'll be called CN={75991237-941B-47B9-AF67-853781EA44B3} >> Thanks David! >> >> I have no Windows machine at hand, will 'ldb*' do the same? > Yes it would, but if you have another DC and if it is still there, you > could sync it back. > > Rowland > > >I have 2 DCs and it is gone on both. I guess the automatic sync did what it is supposed to do :-) . I am using the osync solution from wiki: https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround. Since I have the default policies only at the moment, I am a bit puzzled what happened, since there are still 2 policies on the filesystem but indeed 3 in LDAP in 'CN=Policies,CN=System,DC=samdom,DC=net'. Would there be any way to find a clue what the 3rd was? - Kees