I have a script that regularly (every hour) runs a sysvolreset on the DC that holds the PDC emulator (actually all) roles. This has used to work fine, but now it spits out (approx 50 lines) idmap range not specified for domain '*' idmap range not specified for domain '*' idmap range not specified for domain '*' idmap range not specified for domain '*' idmap range not specified for domain '*' idmap range not specified for domain '*' idmap range not specified for domain '*' idmap range not specified for domain '*' idmap range not specified for domain '*' idmap range not specified for domain '*' 0 sysvolcheck reports no error though. Everything seems to work as it should on both our DC's and file servers. Sysvolreset acts the same also on the other DC (holds no roles). 4.23.3-Debian-4.23.3+dfsg-1~bpo13+1 sysman at hp-srv13:~$ sudo cat /etc/samba/smb.conf # Global parameters [global] dns forwarder = 8.8.8.8 ad dc functional level = 2016 netbios name = HP-SRV13 realm = HXXX-PXXX.SE server role = active directory domain controller workgroup = HPLTS full_audit:prefix = %u|%I|%m|%S full_audit:success = connect full_audit:facility = local7 full_audit:priority = NOTICE log level = 1 auth_audit:4 [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/hxxx-pxxx.se/scripts read only = No Any ideas? -- ------ -------------------- 8 ------------------ ------ IT truism: "A permanent solution is a temporary solution that works so well that noone want to replace it." Anders ?stling +46 768 716 165 (Mobil)
On Mon, 26 Jan 2026 21:45:05 +0100 Anders ?stling via samba <samba at lists.samba.org> wrote:> I have a script that regularly (every hour) runs a sysvolreset on the > DC that holds the PDC emulator (actually all) roles. This has used to > work fine, but now it spits out (approx 50 lines) > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*'That is what testparm shows if the default 'idmap config' line is not set in the smb.conf file and that line is not and should not be in a DC smb.conf file, so does your script run testparm ?> 0 > > sysvolcheck reports no error though. Everything seems to work as it > should on both our DC's and file servers. Sysvolreset acts the same > also on the other DC (holds no roles). > > 4.23.3-Debian-4.23.3+dfsg-1~bpo13+1I do not get that error on my DC with the PDC_Emulator FSMO role, but I am on 4.23.4 (latest Debian Trixie backports), so you might want to upgrade. I do not run sysvolreset that often, you only really need to run it when you make major changes to sysvol and then, only if you get errors. Rowland
On Mon, Jan 26, 2026 at 3:46?PM Anders ?stling via samba <samba at lists.samba.org> wrote:> > I have a script that regularly (every hour) runs a sysvolreset on the DC > that holds the PDC emulator (actually all) roles. This has used to work > fine, but now it spits out (approx 50 lines) > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*'... I have two domains that were migrated from NT4 PDC,s and one of them has this same issue. It seems to run fine and testparm reports no errors. Yet sysvolreset reports those warnings whether or not sysvolcheck shows any issues. Any edits to a GPO via RSAT will make sysvolcheck fail and sysvolreset needs to be run. I suspect it displays a warning for each user if not more, as those messages print for quite a while.