Kees van Vloten
2022-Jan-10 17:23 UTC
[Samba] Fwd: GPO incomplete / missing -> samba-tool crash
On 10-01-2022 18:10, Rowland Penny via samba wrote:> On Mon, 2022-01-10 at 18:04 +0100, Kees van Vloten via samba wrote: >> On 10-01-2022 17:59, David Mulder via samba wrote: >>> Check in adsi under CN=Policies,CN=System. You probably have the >>> policy listed there in ldap still, which I assume needs to be >>> removed. >>> It'll be called CN={75991237-941B-47B9-AF67-853781EA44B3} >> Thanks David! >> >> I have no Windows machine at hand, will 'ldb*' do the same? > Yes it would, but if you have another DC and if it is still there, you > could sync it back. > > Rowland > > >I have 2 DCs and it is gone on both. I guess the automatic sync did what it is supposed to do :-) . I am using the osync solution from wiki: https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround. Since I have the default policies only at the moment, I am a bit puzzled what happened, since there are still 2 policies on the filesystem but indeed 3 in LDAP in 'CN=Policies,CN=System,DC=samdom,DC=net'. Would there be any way to find a clue what the 3rd was? - Kees
dmulder at samba.org
2022-Jan-10 17:27 UTC
[Samba] Fwd: GPO incomplete / missing -> samba-tool crash
On 1/10/22 10:23 AM, Kees van Vloten via samba <samba at lists.samba.org> wrote:> > Since I have the default policies only at the moment, I am a bit puzzled > what happened, since there are still 2 policies on the filesystem but > indeed 3 in LDAP in 'CN=Policies,CN=System,DC=samdom,DC=net'. > > Would there be any way to find a clue what the 3rd was? >CN={75991237-941B-47B9-AF67-853781EA44B3},CN=Policies,CN=System,DC=samdom,DC=net This object should have a displayName attribute. Maybe the display name would give you a clue what it was.
Rowland Penny
2022-Jan-10 17:32 UTC
[Samba] Fwd: GPO incomplete / missing -> samba-tool crash
On Mon, 2022-01-10 at 18:23 +0100, Kees van Vloten via samba wrote:> On 10-01-2022 18:10, Rowland Penny via samba wrote: > > On Mon, 2022-01-10 at 18:04 +0100, Kees van Vloten via samba wrote: > > > On 10-01-2022 17:59, David Mulder via samba wrote: > > > > Check in adsi under CN=Policies,CN=System. You probably have > > > > the > > > > policy listed there in ldap still, which I assume needs to be > > > > removed. > > > > It'll be called CN={75991237-941B-47B9-AF67-853781EA44B3} > > > Thanks David! > > > > > > I have no Windows machine at hand, will 'ldb*' do the same? > > Yes it would, but if you have another DC and if it is still there, > > you > > could sync it back. > > > > Rowland > > > > > > > I have 2 DCs and it is gone on both. I guess the automatic sync did > what > it is supposed to do :-) . > I am using the osync solution from wiki: > https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround. > > Since I have the default policies only at the moment, I am a bit > puzzled > what happened, since there are still 2 policies on the filesystem > but > indeed 3 in LDAP in 'CN=Policies,CN=System,DC=samdom,DC=net'. > > Would there be any way to find a clue what the 3rd was?Possibly, if it is using a standard GUID, but this unlikely. You are going to have to remove it from AD, not entirely sure how. Do you have a backup you could obtain it from ? Rowland