On 17/11/2020 16:19, Mani Wieser via samba wrote:> ldbdel is definitely not the right tool: it will delete both records > > lddsearch: returned 2 records, because the dn is exactly the sameDidn't think you could have two records with the same DN, if this is true, then it does sound like a bug, care to share the two DN's ? Rowland
your are right: it has the name two times in the dn server1:/var/log# ldbsearch -H /var/lib/samba/private/sam.ldb -b CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn '(dc=ad.horn)' # record 1 dn: DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn objectClass: top objectClass: dnsZone instanceType: 4 whenCreated: 20200708143747.0Z uSNCreated: 13579 showInAdvancedViewOnly: TRUE name: ad.horn objectGUID: 65596d8b-5b3d-4682-865c-b98bcd213ba9 objectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=ad,DC=horn dc: ad.horn dNSProperty:: BAAAAAAAAAAAAAAAAQAAAAEAAAABAAAAAAAAAA=dNSProperty:: AQAAAAAAAAAAAAAAAQAAAAIAAAACAAAAAA=dNSProperty:: CAAAAAAAAAAAAAAAAQAAAAgAAAAAAAAAAAAAAAAAAAAdNSProperty:: BAAAAAAAAAAAAAAAAQAAABAAAACoAAAAAAAAAA=dNSProperty:: BAAAAAAAAAAAAAAAAQAAACAAAACoAAAAAAAAAA=dNSProperty:: BAAAAAAAAAAAAAAAAQAAAEAAAAABAAAAAAAAAA=dNSProperty:: BAAAAAAAAAAAAAAAAQAAABIAAAAAAAAAAAAAAA=whenChanged: 20200708153133.0Z uSNChanged: 13692 distinguishedName: DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn # record 2 dn: DC=ad.horn,DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn objectClass: top objectClass: dnsNode instanceType: 4 whenCreated: 20201117170708.0Z whenChanged: 20201117170708.0Z uSNCreated: 40988 uSNChanged: 40988 showInAdvancedViewOnly: TRUE name: ad.horn objectGUID: 7496bdff-6732-4d37-b33f-2e4e83a0d3da objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=ad,DC=horn dc: ad.horn distinguishedName: DC=ad.horn,DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC ?ad,DC=horn # returned 2 records # 2 entries # 0 referrals On 17.11.2020 17:53, Rowland penny via samba wrote:> On 17/11/2020 16:19, Mani Wieser via samba wrote: >> ldbdel is definitely not the right tool: it will delete both records >> >> lddsearch: returned 2 records, because the dn is exactly the same > > Didn't think you could have two records with the same DN, if this is > true, then it does sound like a bug, care to share the two DN's ? > > Rowland > > >
server1:/var/log# ldbdel --cross-ncs -H /var/lib/samba/private/sam.ldb 'DC=ad.horn,DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn' Deleted 1 record does the job ;-) On 17.11.2020 18:11, Mani Wieser via samba wrote:> your are right: it has the name two times in the dn > > server1:/var/log# ldbsearch -H /var/lib/samba/private/sam.ldb -b > CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn '(dc=ad.horn)' > # record 1 > dn: DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn > objectClass: top > objectClass: dnsZone > instanceType: 4 > whenCreated: 20200708143747.0Z > uSNCreated: 13579 > showInAdvancedViewOnly: TRUE > name: ad.horn > objectGUID: 65596d8b-5b3d-4682-865c-b98bcd213ba9 > objectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=ad,DC=horn > dc: ad.horn > dNSProperty:: BAAAAAAAAAAAAAAAAQAAAAEAAAABAAAAAAAAAA=> dNSProperty:: AQAAAAAAAAAAAAAAAQAAAAIAAAACAAAAAA=> dNSProperty:: CAAAAAAAAAAAAAAAAQAAAAgAAAAAAAAAAAAAAAAAAAA> dNSProperty:: BAAAAAAAAAAAAAAAAQAAABAAAACoAAAAAAAAAA=> dNSProperty:: BAAAAAAAAAAAAAAAAQAAACAAAACoAAAAAAAAAA=> dNSProperty:: BAAAAAAAAAAAAAAAAQAAAEAAAAABAAAAAAAAAA=> dNSProperty:: BAAAAAAAAAAAAAAAAQAAABIAAAAAAAAAAAAAAA=> whenChanged: 20200708153133.0Z > uSNChanged: 13692 > distinguishedName: > DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn > > # record 2 > dn: DC=ad.horn,DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn > objectClass: top > objectClass: dnsNode > instanceType: 4 > whenCreated: 20201117170708.0Z > whenChanged: 20201117170708.0Z > uSNCreated: 40988 > uSNChanged: 40988 > showInAdvancedViewOnly: TRUE > name: ad.horn > objectGUID: 7496bdff-6732-4d37-b33f-2e4e83a0d3da > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=ad,DC=horn > dc: ad.horn > distinguishedName: > DC=ad.horn,DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC> ?ad,DC=horn > > # returned 2 records > # 2 entries > # 0 referrals > > > > On 17.11.2020 17:53, Rowland penny via samba wrote: >> On 17/11/2020 16:19, Mani Wieser via samba wrote: >>> ldbdel is definitely not the right tool: it will delete both records >>> >>> lddsearch: returned 2 records, because the dn is exactly the same >> >> Didn't think you could have two records with the same DN, if this is >> true, then it does sound like a bug, care to share the two DN's ? >> >> Rowland >> >> >> >
On 17/11/2020 17:11, Mani Wieser via samba wrote:> your are right: it has the name two times in the dnThat boils down to: dn: DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn dn: DC=ad.horn,DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn Clone a DC and try to delete the DN: DC=ad.horn,DC=ad.horn,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=horn with ldbdel. Rowland