
ID #1256

Samba 4 - Deleted Objects


UCS 3.1/3.2


Samba 4 - How to deal with Deleted Objects

Deleted Objects

Active Directory keeps deleted objects for a while instead of removing them immediately. The replication mechanism requires this, and it does not generally cause problems.

It can happen that old references on objects are updated and then point to Deleted Objects. This can be an issue, for example if a deleted object is used as the masteredBy reference on the domain object.

Please be aware that deleted objects themselves are not a problem: they exist by design, not by accident!
So before deleting anything, make sure that you have backed up your ldb and that the references you found are bad and should be deleted, for example because they disturb DRS replication.

Find them - ldbsearch

You can use ldbsearch to search the ldb. The following command searches the ldb for occurrences of Deleted Objects.
Attention: Every occurrence in dn or distinguishedName is okay here - we are only looking for references!

ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb | grep "\0ADEL"

Remove the references - ldbedit

If you find a reference to a deleted object that causes problems, you can edit the ldb to remove the reference:

ldbedit -H /var/lib/samba/private/sam.ldb -b <object dn> -s base


root@server:~# ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb | grep "\0ADEL"
masteredBy: CN=NTDS Settings\0ADEL:269337d0-8610-4613-a2a4-ecf1bd4ea78e,CN=BAC KUP\0ADEL:785f0de4-88b1-47bd-b4cd-69ab02e73f6c,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=domain,DC=test

root@server:~# ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb masteredBy="CN=NTDS Settings\0ADEL:269337d0-8610-4613-a2a4-ecf1bd4ea78e,CN=BAC KUP\0ADEL:785f0de4-88b1-47bd-b4cd-69ab02e73f6c,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=domain,DC=test" dn
# record 1
dn: DC=domain,DC=test
# returned 1 records
# 1 entries
# 0 refferals

root@server:~# ldbedit -H /var/lib/samba/private/sam.ldb -b DC=domain,DC=test -s base

The last command spawns an editor. The default should be vi; you can specify another editor with the environment variable $EDITOR.
The domain object is now open and can be edited like a text document. Jump to the masteredBy line we are looking for and remove it.
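
The search step above, as an added example that is not part of the original article: a filter that unfolds LDIF continuation lines, skips dn and distinguishedName, and prints each remaining reference next to the DN of the object that holds it. The function names, the serverReference record and all GUIDs in the sample are constructed for illustration; it assumes long values are folded onto continuation lines starting with a space, as the LDIF format allows.

```shell
#!/bin/sh
# Added example: list references to deleted objects together with the
# object that holds them. Reads LDIF on stdin, changes nothing.
find_deleted_refs() {
    awk '
    function flush() {
        if (line ~ /^dn:/) {                 # remember the owning object
            dn = line; sub(/^dn:+ */, "", dn)
        } else if (index(line, "\\0ADEL:") && line !~ /^distinguishedName:/) {
            print dn "\t" line               # literal match, no regex escaping
        }
        line = ""
    }
    /^ / { line = line substr($0, 2); next } # continuation line: unfold
    { flush(); line = $0 }
    END { flush() }'
}

# Constructed sample input (GUIDs and names are placeholders).
sample_ldif() {
    cat <<'EOF'
# record 1
dn: DC=domain,DC=test
masteredBy: CN=NTDS Settings\0ADEL:00000000-0000-0000-0000-000000000001,CN=BAC
 KUP\0ADEL:00000000-0000-0000-0000-000000000002,CN=Servers,DC=domain,DC=test
objectClass: domainDNS

# record 2: the deleted object itself, dn and distinguishedName are expected
dn: CN=OLD\0ADEL:00000000-0000-0000-0000-000000000003,CN=Deleted Objects,DC=domain,DC=test
distinguishedName: CN=OLD\0ADEL:00000000-0000-0000-0000-000000000003,CN=Delete
 d Objects,DC=domain,DC=test

# record 3: marker split by the fold, which a per-line grep would miss
dn: CN=SITE1,DC=domain,DC=test
serverReference: CN=HOST\0AD
 EL:00000000-0000-0000-0000-000000000004,CN=Computers,DC=domain,DC=test
EOF
}

# Real use (command from the article):
#   ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb | find_deleted_refs
sample_ldif | find_deleted_refs
```

The first column of each output line is the DN to pass to ldbedit with -b; whether a listed reference is actually bad still has to be decided by hand.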

Tags: active directory, ad, drs, drs replication, s4, samba 4, samba4

Last update: 2014-02-04 10:27
Author: Tim Petersen
Revision: 1.10
