Hi everyone,
I've got an interesting problem; I have a multi AD-DC setup using Samba 4.
They're using the rsync method to replicate SysVol as per the docs here:
https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround.
If I create a new GPO on the main DC, it replicates just fine to the second
DC. However, when a client tries to apply those policies ("gpupdate
/force"
on the client), I get an error saying the policy cannot be read. However,
if I run "samba-tool ntacl sysvolreset" on the second DC, the GPO then
applies perfectly.
I've checked using "getfacl" on the sysvol directory and its
contents are
identical to the main DC.
Does anyone know if its harmful just to run "samba-tool ntacl
sysvolreset"
after every rsync to the second DC? Or if this issue is well known at all?
Thanks in advance.
Andrew