Jason Keltz
2020-Dec-07 18:13 UTC
[Samba] samba 4.11.16 issue with demoting DC leaving remnants in sam.ldb
Hi.

Through a few experiments, I've tried to re-install my secondary domain controller 3 times. Each time, I demoted the DC, then re-added it. The re-add works fine, but I now notice that when I use "samba-tool drs uptodateness", it is reporting one unknown invocation ID for each past install:

Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a

How do I delete these entries from sam.ldb?
I added an extra line to "uptodateness", and it looks like this is coming from:

DC=ad,DC=eecs,DC=yorku,DC=ca
DC=ad,DC=eecs,DC=yorku,DC=ca
DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Schema,CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Schema,CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=Schema,CN=Configuration,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=DomainDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=DomainDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=DomainDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=ForestDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=ForestDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca
DC=ForestDnsZones,DC=ad,DC=eecs,DC=yorku,DC=ca

Previous messages from Andrew B and Rowland say not to use ldbedit to modify the database directly, so I don't want to mess with that.

samba-tool domain tombstones expunge doesn't help.

I've tried running a dbcheck (though I admittedly had to stop it after a while because it was very intensive, and even when reniced to lowest priority, it stopped all logins to our system)...

Why is it that when demoting a DC, and following the instructions, these entries don't get deleted automatically? Is this a bug?

Anyone?

Jason.
Rowland Penny
2020-Dec-07 18:54 UTC
[Samba] samba 4.11.16 issue with demoting DC leaving remnants in sam.ldb
On 07/12/2020 18:13, Jason Keltz via samba wrote:
> Hi.
>
> Through a few experiments, I've tried to re-install my secondary
> domain controller 3 times. Each time, I demoted the DC, then re-added
> it. The re-add works fine, but I now notice that when I use
> "samba-tool drs uptodateness", it is reporting one unknown invocation
> ID for each past install:
>
> Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
> Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
> Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
> Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
> Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
> Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
> Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
> Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
> Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
> Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
> Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
> Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
> Unknown invocation ID 50ade4c2-11e2-4d74-9248-362b54ce282a
> Unknown invocation ID c6821a62-0387-4e4b-925e-b76a501a8777
> Unknown invocation ID e78be3c7-788a-4fbb-93f7-2bda7d95683a
>
> How do I delete these entries from sam.ldb?

Not sure, I cannot find the attribute in AD, also they are more worrying than meaning than anything. The latest code no longer prints them.

>
> Previous messages from Andrew B and Rowland say not to use ldbedit to
> modify the database directly, so I don't want to mess with that.

No, I didn't say that, I said do not modify the files in sam.ldb.d directly, if you must modify something, modify the sam.ldb file.

>
> samba-tool domain tombstones expunge doesn't help.
>
> I've tried running a dbcheck (though I admittedly had to stop it after
> a while because it was very intensive, and even when reniced to lowest
> priority, it stopped all logins to our system)...
>
> Why is it that when demoting a DC, and following the instructions,
> these entries don't get deleted automatically? Is this a bug?

No (or if it is, blame Microsoft), the invocationId was meant to aid in restoring an individual DC (something that Samba doesn't recommend), but it doesn't seem to be used now. Just ignore them for now, they shouldn't cause any real problems, of course if you do have a problem, it might not have anything to do with the invocation IDs.

Rowland