Hans Rasmussen
2021-Jan-29 19:34 UTC
[Samba] Following up on the GPO/Sysvolreset conversation
OK, so quite a while ago, I did do the bad thing and did a sysvolreset on our network with 2 DC's (DC1 and DC2) thinking that . I have a number of GPO's and Domain Admins has a GID. DC1 replicates sysvol to DC2 via rsync. DC1 holds all the FSMO's. Windows Group Policy Management shows DC2 as a "Domain Controller with replication in progress" but also shows SysVol as Inaccessible. The Domain functions correctly if DC1 or DC2 is down as far as I can tell. Running Samba Version 4.7.6-Ubuntu on Ubuntu 18.04.1 on both DC's So, how borked am I? Are there any steps I can take to fix my original egregious error. Thanks all Hans
Rowland penny
2021-Jan-29 19:58 UTC
[Samba] Following up on the GPO/Sysvolreset conversation
On 29/01/2021 19:34, Hans Rasmussen via samba wrote:> OK, so quite a while ago, I did do the bad thing and did a sysvolreset on > our network with 2 DC's (DC1 and DC2) thinking that . I have a number of > GPO's and Domain Admins has a GID. DC1 replicates sysvol to DC2 via rsync. > DC1 holds all the FSMO's. Windows Group Policy Management shows DC2 as a > "Domain Controller with replication in progress" but also shows SysVol as > Inaccessible. > > > > The Domain functions correctly if DC1 or DC2 is down as far as I can tell. > > > > Running Samba Version 4.7.6-Ubuntu on Ubuntu 18.04.1 on both DC'sIt would be better if you upgraded to 20.04, this would get you a much later version of Samba> > > > So, how borked am I? Are there any steps I can take to fix my original > egregious error.You have a couple of options here, remove the gidNumber from Domain Admins, or remove 'idmap_ldb:use rfc2307? = yes' from the DC's smb.conf, either will turn the group back into 'ID_TYPE_BOTH'. You can then run sysvolcheck and sysvolreset, you will also need to ensure that idmap.ldb is the same on all DC's Rowland