Stefan G. Weichinger
2019-Jul-31 09:08 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
Am 31.07.19 um 10:47 schrieb L.P.H. van Belle via samba:> I pointed to that link becuase of the last message. >>> The OU the users were in required read permissions on the Authenticated Users security group! > Im guyessing this is what your problem is, i just dont know where in your AD.OK, that might be the case. So the step is "add/check ACLs on the SYSVOL-share for the OU of the users" ? Observation right now: on the W2008R2 server the GPOs apply now! on a w10 (per RDP) not - I definitely don't have the latest ADMX-files up on the DCs ... hesitating not to break more stuff
Stefan G. Weichinger
2019-Jul-31 09:25 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
You may remember that there is some DNS-entry (does it come from NT4-times??): dc.mydomain.at .. .205 (1st DC) pre01svdeb02 ... .205 (same machine, was the old NT4/samba-PDC) pre01svdeb03 ... .206 (2nd DC) ->From the w2008r2 I can access:\\192.168.16.205\\sysvol \\192.168.16.206\\sysvol \\pre01svdeb02\\sysvol \\pre01svdeb03\\sysvol But not \\dc\sysvol So to me it seems obvious to get rid of that "dc.mydomain.at" ... at least as a next step. Right? sorry for going loops here, I thought I was rid of that for months already.
Stefan G. Weichinger
2019-Jul-31 09:39 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
Am 31.07.19 um 11:25 schrieb Stefan G. Weichinger via samba:> So to me it seems obvious to get rid of that "dc.mydomain.at" ... at > least as a next step.Went through DNS on the windows server and rm-ed all containing "dc.mydomain.at" There was a SRV-record below "_msdcs.mydomain.at" "pdc" "_tcp" pointing to "dc.mydomain.at" tried to edit, didn't work, rm-ed it ... now there is only one SRV-entry there pointing to my "pre01svdeb02.mydomain.at" I assume I have to create a second one again?
L.P.H. van Belle
2019-Jul-31 09:51 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
Hai, yes i remember.> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stefan G. Weichinger via samba > Verzonden: woensdag 31 juli 2019 11:26 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] GPO issues - getting SYSVOL cleaned up again > > > You may remember that there is some DNS-entry (does it come from > NT4-times??): > > dc.mydomain.at .. .205 (1st DC) > > pre01svdeb02 ... .205 (same machine, was the old NT4/samba-PDC) > > pre01svdeb03 ... .206 (2nd DC) > > > - > > From the w2008r2 I can access: > > \\192.168.16.205\\sysvol > \\192.168.16.206\\sysvol > > \\pre01svdeb02\\sysvol > \\pre01svdeb03\\sysvol > > But not > > \\dc\sysvolRun : nslookup dc If this one removed, then its a hunt for the dc record in the AD and DNS. Review with Windows tools, the Active Directory Sites and Services If there is nothing left there. Then, next, User/computer manager, check if DC exists somewhere. Next, check in DNS tool if DC exists in Zone primary.dnsdomain.tld ( and its reverse zone. ) And Zone _msdcs.primary.dnsdomain.tld> > So to me it seems obvious to get rid of that "dc.mydomain.at" ... at > least as a next step. > > Right?Yes,> > sorry for going loops here, I thought I was rid of that for > months already.No problem, your almost there. Ones its all ok, then you can relax again. ;-)> >Greetz, Louis
Stefan G. Weichinger
2019-Jul-31 09:59 UTC
[Samba] GPO issues - getting SYSVOL cleaned up again
Am 31.07.19 um 11:51 schrieb L.P.H. van Belle via samba:> Run : nslookup dcnon-existent: good, afaik> If this one removed, then its a hunt for the dc record in the AD and DNS. > Review with Windows tools, the Active Directory Sites and Services > If there is nothing left there.It's there in Sites - Default-First-Site-Name - Servers ...>> sorry for going loops here, I thought I was rid of that for >> months already. > > No problem, your almost there. Ones its all ok, then you can relax again. ;-)looking forward!