Index: 97_Bug-46643-add-sysvolcheck-option-mask-msad-differences.quilt
===================================================================
--- 97_Bug-46643-add-sysvolcheck-option-mask-msad-differences.quilt	(Revision 18581)
+++ 97_Bug-46643-add-sysvolcheck-option-mask-msad-differences.quilt	(Arbeitskopie)
@@ -23,7 +23,7 @@
  class cmd_ntacl(SuperCommand):
 --- a/python/samba/provision/__init__.py
 +++ b/python/samba/provision/__init__.py
-@@ -1834,8 +1834,179 @@
+@@ -1834,8 +1834,180 @@
                  raise ProvisioningError('%s NTACL of GPO directory %s %s does not match value %s expected from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl_mapped, acl))
  
  
@@ -68,6 +68,7 @@
 +    ## at least in UCS, all base GPO directories have AI set, so expect that
 +    sd = security.descriptor.from_sddl(acl_expected_for_gpo, domainsid)
 +    sd.type |= security.SEC_DESC_DACL_AUTO_INHERITED
++    sd.type &= ~ security.SEC_DESC_DACL_AUTO_INHERIT_REQ
 +    acl_expected_for_gpo = sd.as_sddl(domainsid)
 +
 +    if fsacl_sddl_mapped != acl_expected_for_gpo: