mj
2021-May-31 18:13 UTC
[Samba] steady increase of objects reported by dbcheck in my test samdom
Hi,

In my samdom test AD, I am observing a constant increase of objects reported by dbcheck.

As an example: During the last hour, the number of objects has increased from 2646 to 2660, in small steps. This test samdom is just three DCs with no actual clients accessing or using it. One samba DC, one win2008R2 DC and one win2012R2 DC.

samba-tool dbcheck [--cross-ncs] reports no errors, it replicates fine, there are no offline DCs, etc. Nothing seems to be wrong, just the number of objects increases.

I am curious what the added objects are: is there a way to find this out?

I'm looking for something like slapcat of the entire AD to an ldif, so I can compare these LDIFs and identify the changes between them.

I know about tdbbackup, but it generates binary files, so these are difficult to compare.

Ideas? And also on what could cause the number of objects to grow?

MJ
Rowland Penny
2021-May-31 18:36 UTC
[Samba] steady increase of objects reported by dbcheck in my test samdom
On 31/05/2021 19:13, mj via samba wrote:
> Hi,
>
> In my samdom test AD, I am observing a constant increase of objects
> reported by dbcheck.
>
> As an example: During the last hour, the number of objects has
> increased from 2646 to 2660, in small steps. This test samdom is just
> three DCs with no actual clients accessing or using it. One samba DC,
> one win2008R2 DC and one win2012R2 DC.

Deleted objects ??

> samba-tool dbcheck [--cross-ncs] reports no errors, it replicates
> fine, there are no offline DCs, etc. Nothing seems to be wrong, just
> the number of objects increases.
>
> I am curious what the added objects are: is there a way to find this out?
>
> I'm looking for something like slapcat of the entire AD to an ldif, so
> I can compare these LDIFs and identify the changes between them.

Run on the Samba DC:

ldbsearch --cross-ncs --show-binary -H $(samba -b | grep 'PRIVATE_DIR' | sed 's/   PRIVATE_DIR: //')/sam.ldb -P > AD.ldif

This will dump the entire AD into an ldif.

You can probably do something similar against the Windows DCs by replacing the '$(samba -b | grep 'PRIVATE_DIR' | sed 's/   PRIVATE_DIR: //')/sam.ldb' with 'ldap://DC_NAME', where 'DC_NAME' is the DC's hostname, and replace '-P' with '-U Administrator'. You will also need to change the ldif file name.

> Ideas? And also on what could cause the number of objects to grow?

Hard to tell, deleted objects, or collisions, or tombstones ???

Rowland
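
Added example, not part of either post and not Samba project code: one way to compare two LDIF dumps taken with the ldbsearch command above and list the DNs that appeared between them. The `\0ADEL:` and `\0ACNF:` DN markers and the `isDeleted` check are assumptions about how deleted and conflict objects show up in the dump; the sample dumps are constructed.

```python
import base64

def parse_ldif(text):
    """Parse LDIF (e.g. ldbsearch output) into {casefolded dn: {attr: [values]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continuation of previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, cur = {}, {}
    for line in lines + [""]:                  # trailing "" flushes the last record
        if not line.strip():                   # blank line ends a record
            if "dn" in cur:
                records[cur["dn"][0].casefold()] = cur
            cur = {}
        elif not line.startswith("#"):         # skip "# record N" style comments
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(name.lower(), []).append(value.strip())
    return records

def classify(rec):
    """Label a record; the DN markers checked here are assumptions (see lead-in)."""
    dn = rec["dn"][0]
    if "TRUE" in rec.get("isdeleted", []) or "\\0ADEL:" in dn:
        return "deleted"
    if "\\0ACNF:" in dn:
        return "conflict"
    return "live"

def diff_dumps(old_text, new_text):
    """Return ({added dn: label}, [removed dns]) between two dumps."""
    old, new = parse_ldif(old_text), parse_ldif(new_text)
    added = {new[k]["dn"][0]: classify(new[k]) for k in new.keys() - old.keys()}
    removed = sorted(old[k]["dn"][0] for k in old.keys() - new.keys())
    return added, removed

# Constructed sample dumps (not real data): NEW contains two extra records.
OLD = """# record 1
dn: CN=Users,DC=samdom,DC=example,DC=com
objectClass: container
"""
NEW = OLD + """
dn: CN=tmp1\\0ADEL:11111111-2222-3333-4444-555555555555,CN=Deleted Objects,DC=s
 amdom,DC=example,DC=com
isDeleted: TRUE

dn: CN=testuser,CN=Users,DC=samdom,DC=example,DC=com
"""
```

For real dumps, read the two files and pass their contents to `diff_dumps()`; the labels on the added DNs show whether the growth is in live objects or in deleted/conflict ones.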