hello, There is a group in my AD that has a user that does not exist. I can see it via RSAT. By running the command: samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes The following error occurs: Checking 10016 objects WARNING: no target object found for GUID component for one-way forward link member in object CN=ALUNOS,OU=GRUPOS,OU=CAMPUS,DC=mycompany,DC=net - <GUID=44b7fb44-1a88-42a4-854b-60bddd391577>;<RMD_ADDTIME=132010533870000000>;<RMD_CHANGETIME=132449656310000000>;<RMD_FLAGS=1>;<RMD_INVOCID=d6e94e28-0706-4604-8ab8-b22e62fd2a8c>;<RMD_LOCAL_USN=5547941>;<RMD_ORIGINATING_USN=5547941>;<RMD_VERSION=2>;<SID=S-1-5-21-2137976744-3574706186-1594704298-6995>;CN=ISAIAS,OU=ALUNOS,OU=USUARIOS,OU=CAMPUS,DC=mycompany,DC=net If I try to force the synchronization between the 2 ADDC I have, the following error occurs: samba-tool drs replicate DC3 DC4 DC=mycompany,DC=net --full-sync error: ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') Via ldbdel can I remove this "link"? -- Elias Pereira
hi, I listed the 0ADEL entries with the command below and didn't find the object. # ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb | grep "\0ADEL" I tried to delete using the command below, but it says it doesn't exist. # ldbdel -H /var/lib/samba/private/sam.ldb "<GUID=44b7fb44-1a88-42a4-854b-60bddd391577>" --show-deleted --relax delete of '' failed - (No such object) Base-DN '<GUID=44b7fb44-1a88-42a4-854b-60bdddd391577>' not found But, if I run the samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes command, the entry appear and in the samba log shows: Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19 20:18:58.104688, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug) Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: ldb: No objectClass found in replPropertyMetaData for CN=ISAIAS\0ADEL:44b7fb44-1a88-42a4-854b-60bddd391577,CN=Deleted Objects,DC=mycompany,DC=net! Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19 20:18:58.108351, 0] ../../source4/dsdb/repl/drepl_out_helpers.c:1184(dreplsrv_op_pull_source_apply_changes_trigger) Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19 20:23:58.057693, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug) Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: ldb: No objectClass found in replPropertyMetaData for CN=ISAIAS\0ADEL:44b7fb44-1a88-42a4-854b-60bddd391577,CN=Deleted Objects,DC=mycompany,DC=net! Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19 20:23:58.059666, 0] ../../source4/dsdb/repl/drepl_out_helpers.c:1184(dreplsrv_op_pull_source_apply_changes_trigger) Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE Any idea? On Sat, Sep 19, 2020 at 2:27 AM Elias Pereira <empbilly at gmail.com> wrote:> hello, > > There is a group in my AD that has a user that does not exist. I can see > it via RSAT. > > By running the command: > samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes > > The following error occurs: > Checking 10016 objects > WARNING: no target object found for GUID component for one-way forward > link member in object CN=ALUNOS,OU=GRUPOS,OU=CAMPUS,DC=mycompany,DC=net - > <GUID=44b7fb44-1a88-42a4-854b-60bddd391577>;<RMD_ADDTIME=132010533870000000>;<RMD_CHANGETIME=132449656310000000>;<RMD_FLAGS=1>;<RMD_INVOCID=d6e94e28-0706-4604-8ab8-b22e62fd2a8c>;<RMD_LOCAL_USN=5547941>;<RMD_ORIGINATING_USN=5547941>;<RMD_VERSION=2>;<SID=S-1-5-21-2137976744-3574706186-1594704298-6995>;CN=ISAIAS,OU=ALUNOS,OU=USUARIOS,OU=CAMPUS,DC=mycompany,DC=net > > If I try to force the synchronization between the 2 ADDC I have, the > following error occurs: > samba-tool drs replicate DC3 DC4 DC=mycompany,DC=net --full-sync > > error: > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - > drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') > > Via ldbdel can I remove this "link"? > > -- > Elias Pereira >-- Elias Pereira
On 20/09/2020 00:30, Elias Pereira via samba wrote:> hi, > > I listed the 0ADEL entries with the command below and didn't find the > object. > # ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb | > grep "\0ADEL" > > I tried to delete using the command below, but it says it doesn't exist. > # ldbdel -H /var/lib/samba/private/sam.ldb > "<GUID=44b7fb44-1a88-42a4-854b-60bddd391577>" --show-deleted --relax > delete of '' failed - (No such object) Base-DN > '<GUID=44b7fb44-1a88-42a4-854b-60bdddd391577>' not found > > But, if I run the samba-tool dbcheck --cross-ncs --reset-well-known-acls > --fix --yes command, the entry appear and in the samba log > shows: > > Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19 > 20:18:58.104688, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug) > Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: ldb: No > objectClass found in replPropertyMetaData for > CN=ISAIAS\0ADEL:44b7fb44-1a88-42a4-854b-60bddd391577,CN=Deleted > Objects,DC=mycompany,DC=net! > Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: > Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19 > 20:18:58.108351, 0] > ../../source4/dsdb/repl/drepl_out_helpers.c:1184(dreplsrv_op_pull_source_apply_changes_trigger) > Sep 19 20:18:58 dc3 samba[11913]: task[dreplsrv][11913]: Failed to commit > objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE > Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19 > 20:23:58.057693, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug) > Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: ldb: No > objectClass found in replPropertyMetaData for > CN=ISAIAS\0ADEL:44b7fb44-1a88-42a4-854b-60bddd391577,CN=Deleted > Objects,DC=mycompany,DC=net! > Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: > Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: [2020/09/19 > 20:23:58.059666, 0] > ../../source4/dsdb/repl/drepl_out_helpers.c:1184(dreplsrv_op_pull_source_apply_changes_trigger) > Sep 19 20:23:58 dc3 samba[11913]: task[dreplsrv][11913]: Failed to commit > objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE > > Any idea? > > > On Sat, Sep 19, 2020 at 2:27 AM Elias Pereira <empbilly at gmail.com> wrote: > >> hello, >> >> There is a group in my AD that has a user that does not exist. I can see >> it via RSAT. >> >> By running the command: >> samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes >> >> The following error occurs: >> Checking 10016 objects >> WARNING: no target object found for GUID component for one-way forward >> link member in object CN=ALUNOS,OU=GRUPOS,OU=CAMPUS,DC=mycompany,DC=net - >> <GUID=44b7fb44-1a88-42a4-854b-60bddd391577>;<RMD_ADDTIME=132010533870000000>;<RMD_CHANGETIME=132449656310000000>;<RMD_FLAGS=1>;<RMD_INVOCID=d6e94e28-0706-4604-8ab8-b22e62fd2a8c>;<RMD_LOCAL_USN=5547941>;<RMD_ORIGINATING_USN=5547941>;<RMD_VERSION=2>;<SID=S-1-5-21-2137976744-3574706186-1594704298-6995>;CN=ISAIAS,OU=ALUNOS,OU=USUARIOS,OU=CAMPUS,DC=mycompany,DC=net >> >> If I try to force the synchronization between the 2 ADDC I have, the >> following error occurs: >> samba-tool drs replicate DC3 DC4 DC=mycompany,DC=net --full-sync >> >> error: >> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >> >> Via ldbdel can I remove this "link"? >> >> -- >> Elias Pereira >> >Well, you wouldn't be able to delete it, how can you delete something that has already been deleted :-) Try running this: samba-tool domain tombstones expunge --tombstone-lifetime=1 Rowland