hi, I have to delete about 6000 old machine accounts. samba-tool computer delete RESERVE23 does not end. when I interrupt it with CRTL + C, the PC is deleted. deleting the computer accounts with RSAT works. can i also delete the computer accounts with ldapdelete? Version 4.21.1 regards, heinz
On Mon, 18 Nov 2024 13:40:39 +0000 Heinz H?lzl via samba <samba at lists.samba.org> wrote:> hi, > > I have to delete about 6000 old machine accounts. > > samba-tool computer delete RESERVE23 does not end.It should, at least it does for me and fairly quickly: adminuser at rpidc1:~ $ time sudo samba-tool computer delete lmde5$ Deleted computer lmde5$ real 0m1.035s user 0m0.801s sys 0m0.174s Note: I added the '$' at the end as a test, the 'help' from the command says this: The computername specified on the command is the sAMAccountName without the trailing $ (dollar sign). But the actual code checks if the '$' is there and adds it if it isn't. So why is your attempt hanging ? I take it you are running the command on a DC and as 'root' Is your DC swamped by other ldap searches (most of which seem to be for authentication and they could be done by other methods) ?> > when I interrupt it with CRTL + C, the PC is deleted. > deleting the computer accounts with RSAT works. > > can i also delete the computer accounts with ldapdelete?I would suggest using ldbdelete instead. Rowland
On 19/11/24 02:40, Heinz H?lzl via samba wrote:> hi, > > I have to delete about 6000 old machine accounts. > > samba-tool computer delete RESERVE23 does not end.What this command does is delete the record itself, then tries to delete related DNS records. I think what is happening is the initial delete is working, but DNS is not, and samba-tool is left waiting for a response. To verify this theory: 1. check the account has a dNSHostName attribute 2. look up that adress with `dig` or something. If it hangs, then DNS is not working.> when I interrupt it with CRTL + C, the PC is deleted. > deleting the computer accounts with RSAT works. > > can i also delete the computer accounts with ldapdelete?Probably. The DNS records will not be cleaned up, but they weren't being anyway with samba-tool hanging. Douglas