On Tuesday, September 24th, 2024 at 15:29, bd730c5053df9efb via samba <samba
at lists.samba.org> wrote:
> Hi all!
>
> I demoted a samba 4.10.8 (slackware 14.2) ad dc called DC1 and joined to
the domain a samba 4.20.4 (debian 12.7) called DC3. There is also a samba 4.18.9
(slackware 15.0) ad dc called DC2 which for the moment holds all the FSMO roles.
The whole replacing an ad dc with another one worked out great but when I run
the command samba-tool dbcheck --cross-ncs on DC2 I got 3 "NOTES" and
2 "WARNING" stating (the DN has been obscured and
"513a2ea7-9ad8-496f-93db-2532cc6e9c45" was the GUID of DC1):
> Checking 4694 objects
> NOTE: old (due to rename or delete) DN string component for lastKnownParent
in object CN=NTDS
Settings\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
-
CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> Not fixing old string component
> WARNING: target DN is deleted for msDS-NC-Replica-Locations in object
CN=7e37a80b-2ead-4031-8acc-6f995ef154aa,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com
-
<GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4729>;<RMD_ORIGINATING_USN=3707>;<RMD_VERSION=1>;CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
>
> Target GUID points at deleted DN 'CN=NTDS
Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
> Not removing
> WARNING: target DN is deleted for msDS-NC-Replica-Locations in object
CN=c178fbfd-d5dc-42fe-88d1-1a03f5e4222a,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com
-
<GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4727>;<RMD_ORIGINATING_USN=3715>;<RMD_VERSION=1>;CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
>
> Target GUID points at deleted DN 'CN=NTDS
Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
> Not removing
> NOTE: old (due to rename or delete) DN string component for lastKnownParent
in object
CN=ee52ad50-8b1e-4597-bb00-8000af11ba33\0ADEL:b1d22847-24b7-4aeb-954a-6efc0078447a,CN=Deleted
Objects,CN=Configuration,DC=ad,DC=samdom,DC=com - CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for
rIDSetReferences in object CN=DC1,CN=Computers,DC=ad,DC=samdom,DC=com - CN=RID
Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=samdom,DC=com
> Not fixing old string component
> Checked 4694 objects (2 errors)
>
> So, after this I executed the command samba-tool dbcheck --cross-ncs --fix
but as I wasn't sure about what it would do I answered "N" to all
the questions, here is the transcript of the command:
> Checking 4694 objects
> NOTE: old (due to rename or delete) DN string component for lastKnownParent
in object CN=NTDS
Settings\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
-
CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> Change DN to
<GUID=3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3>;CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com?
[y/N/all/none]
>
> Not fixing old string component
> WARNING: target DN is deleted for msDS-NC-Replica-Locations in object
CN=7e37a80b-2ead-4031-8acc-6f995ef154aa,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com
-
<GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4729>;<RMD_ORIGINATING_USN=3707>;<RMD_VERSION=1>;CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
>
> Target GUID points at deleted DN 'CN=NTDS
Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
> Remove stale DN link? [y/N/all/none]
> Not removing
> WARNING: target DN is deleted for msDS-NC-Replica-Locations in object
CN=c178fbfd-d5dc-42fe-88d1-1a03f5e4222a,CN=Partitions,CN=Configuration,DC=ad,DC=samdom,DC=com
-
<GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;<RMD_ADDTIME=132153595350000000>;<RMD_CHANGETIME=132153595350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=3bbdc703-999b-4163-9d34-66692d318854>;<RMD_LOCAL_USN=4727>;<RMD_ORIGINATING_USN=3715>;<RMD_VERSION=1>;CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
>
> Target GUID points at deleted DN 'CN=NTDS
Settings\\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com'
> Remove stale DN link? [y/N/all/none]
> Not removing
> NOTE: old (due to rename or delete) DN string component for lastKnownParent
in object
CN=ee52ad50-8b1e-4597-bb00-8000af11ba33\0ADEL:b1d22847-24b7-4aeb-954a-6efc0078447a,CN=Deleted
Objects,CN=Configuration,DC=ad,DC=samdom,DC=com - CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com
> Change DN to <GUID=513a2ea7-9ad8-496f-93db-2532cc6e9c45>;CN=NTDS
Settings\0ADEL:513a2ea7-9ad8-496f-93db-2532cc6e9c45,CN=DC1\0ADEL:3ccd9bf3-e19a-49d9-a1a1-6afe151b72b3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samdom,DC=com?
[y/N/all/none]
>
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for
rIDSetReferences in object CN=DC1,CN=Computers,DC=ad,DC=samdom,DC=com - CN=RID
Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=samdom,DC=com
> Change DN to <GUID=1acf56eb-0283-4a67-9970-91fa433885bd>;CN=RID
Set,CN=DC1,CN=Computers,DC=ad,DC=samdom,DC=com? [y/N/all/none]
>
> Not fixing old string component
> Checked 4694 objects (2 errors)
>
> I ask someone with more experience with this command, would it be safe to
answer Y to these questions?
>
> Thanks in advance!
> Best regards,
> Dave.
>
> Sent with Proton Mail secure email.
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Hi all!
I answer myself just in case someone comes here looking for this. I took a
snapshot of the VM's where the dc's are running before running the fix
just in case. I ran the command "samba-tool dbcheck --cross-ncs --fix"
command and answered Y to the questions and everything seems to be working ok.
Best regards.
Dave.