samba - Apr 2019 - joined computer not appear in all DCs (DC4 not sync with DC3)

Hello,

I had posted this in another topic, but because the problem is different, I
decided to create a new topic.

Conf:
- Primary DC/pdc Emulator as DC3
- Second DC as DC4

After an upgrade from schema 45 to 69 in DCs, when adding a computer in the
domain and if the domain to respond is DC4 the synchronization for DC3 is
not done.

I already did several tests that I already knew and also new ones that I
found in the wiki, but without success in finding the problem.

Below is a test that shows the difference.

root at dc3:~# samba-tool ldapcmp ldap://DC3 ldap://DC4 -Uadministrator domain
--filter=msDS-NcType,serverState,subrefs,lastLogonTimestamp,description,pwdLastSet
Password for [CAMPUS\administrator]:

* Comparing [DOMAIN] context...

* DN lists have different size: 3804 != 3805

* DNs found only in ldap://DC4:
    CN=MINT-TESTE,CN=COMPUTERS,DC=CAMPUS,DC=SERTAO,DC=IFRS,DC=EDU,DC=BR

* Objects to be compared: 3804

* Result for [DOMAIN]: FAILURE

SUMMARY
---------
ERROR: Compare failed: -1

samba-tool drs showrepl *all show ok*
samba_dnsupdate --verbose --all-names *all show ok*
samba-tool dbcheck --cross-ncs --fix *no errors*
samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes *no
erros*

Synchronization should be automatic, right?

-- 
Elias Pereira

>
> Rowland says:
> If you change anything in AD on one DC, it should replicate to any other
> DC's in the domain. There are some attributes that never replicate, but
> these are few and usually have to do with things that are only
> relevant to one DC.

I agree with you, but for some reason, my DCs are not doing this with
computers. I did a test with a user and did the sync.

Any way to debug this?

On Thu, Apr 18, 2019 at 11:58 PM Elias Pereira <empbilly at gmail.com>
wrote:
> Hello,
>
> I had posted this in another topic, but because the problem is different,
> I decided to create a new topic.
>
> Conf:
> - Primary DC/pdc Emulator as DC3
> - Second DC as DC4
>
> After an upgrade from schema 45 to 69 in DCs, when adding a computer in
> the domain and if the domain to respond is DC4 the synchronization for DC3
> is not done.
>
> I already did several tests that I already knew and also new ones that I
> found in the wiki, but without success in finding the problem.
>
> Below is a test that shows the difference.
>
> root at dc3:~# samba-tool ldapcmp ldap://DC3 ldap://DC4 -Uadministrator
> domain
>
--filter=msDS-NcType,serverState,subrefs,lastLogonTimestamp,description,pwdLastSet
> Password for [CAMPUS\administrator]:
>
> * Comparing [DOMAIN] context...
>
> * DN lists have different size: 3804 != 3805
>
> * DNs found only in ldap://DC4:
>     CN=MINT-TESTE,CN=COMPUTERS,DC=CAMPUS,DC=SERTAO,DC=IFRS,DC=EDU,DC=BR
>
> * Objects to be compared: 3804
>
> * Result for [DOMAIN]: FAILURE
>
> SUMMARY
> ---------
> ERROR: Compare failed: -1
>
> samba-tool drs showrepl *all show ok*
> samba_dnsupdate --verbose --all-names *all show ok*
> samba-tool dbcheck --cross-ncs --fix *no errors*
> samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes *no
> erros*
>
> Synchronization should be automatic, right?
>
> --
> Elias Pereira
>

-- 
Elias Pereira