samba - Dec 2017 - samba-tool ntacl sysvolcheck ERROR

GPOs are not synchronized, because I'm going to delete the zentyal domain,

how can I delete delete all GPOs from AD y sysvol? and start over

[root at srv-cds ~]# samba-tool gpo del {31B2F340-016D-11D2-945F-00C04FB984F9}
GPO {31B2F340-016D-11D2-945F-00C04FB984F9} is linked to containers
ERROR(ldb): Error removing GPO from container - LDAP error 50 
LDAP_INSUFFICIENT_ACCESS_RIGHTS -


El 12/14/2017 a las 12:09 PM, Rowland Penny via samba
escribió:
> On Thu, 14 Dec 2017 11:53:10 -0500
> "Lic. Liusmer Martínez Q via samba" <samba at
lists.samba.org> wrote:
>
>> What have you joined it to ?
>>
>> zentyal 4.2.11,
>>
>> Samba version 4.3.4-Zentyal
>>
>>
>>
>> El 12/14/2017 a las 11:49 AM, Rowland Penny via samba escribió:
>>> What have you joined it to ?
>>
> Are there any extra GPOs on the zentyal machine ?
> If so, you will need to sync sysvol (and idmap.ldb) between the two DCs
> Not only are the GPOs stored under the sysvol directory, they are also
> stored in AD.
>
> Rowland
>

On Thu, 14 Dec 2017 12:25:29 -0500
"Lic. Liusmer Martínez Q via samba" <samba at lists.samba.org>
wrote:
> GPOs are not synchronized, because I'm going to delete the zentyal
> domain,
> 
> how can I delete delete all GPOs from AD y sysvol? and start over
> 
> [root at srv-cds ~]# samba-tool gpo del
> {31B2F340-016D-11D2-945F-00C04FB984F9} GPO
> {31B2F340-016D-11D2-945F-00C04FB984F9} is linked to containers
> ERROR(ldb): Error removing GPO from container - LDAP error 50
> LDAP_INSUFFICIENT_ACCESS_RIGHTS -
> 
> 
There are two default GPOs you need:

{31B2F340-016D-11D2-945F-00C04FB984F9}

{6AC1786C-016F-11D2-945F-00C04fB984F9}

You can delete any others, but you will need to use an admin user with
the required rights i.e. by adding '-U Administrator'

I also hope you mean that you are going to delete the zentyal DC rather
than the domain ;-)

Rowland

so how can I synchronize GPOs stored under the sysvol directory and 
stored in AD.



El 12/14/2017 a las 12:59 PM, Rowland Penny via samba
escribió:
> On Thu, 14 Dec 2017 12:25:29 -0500
> "Lic. Liusmer Martínez Q via samba" <samba at
lists.samba.org> wrote:
>
>> GPOs are not synchronized, because I'm going to delete the zentyal
>> domain,
>>
>> how can I delete delete all GPOs from AD y sysvol? and start over
>>
>> [root at srv-cds ~]# samba-tool gpo del
>> {31B2F340-016D-11D2-945F-00C04FB984F9} GPO
>> {31B2F340-016D-11D2-945F-00C04FB984F9} is linked to containers
>> ERROR(ldb): Error removing GPO from container - LDAP error 50
>> LDAP_INSUFFICIENT_ACCESS_RIGHTS -
>>
>>
> There are two default GPOs you need:
>
> {31B2F340-016D-11D2-945F-00C04FB984F9}
>
> {6AC1786C-016F-11D2-945F-00C04fB984F9}
>
> You can delete any others, but you will need to use an admin user with
> the required rights i.e. by adding '-U Administrator'
>
> I also hope you mean that you are going to delete the zentyal DC rather
> than the domain ;-)
>
> Rowland
>