Bug 46741 - GPO application fails after moving windows machine account to other OU via UMC
GPO application fails after moving windows machine account to other OU via UMC
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-0-errata
Assigned To: Felix Botner
Arvid Requate
Depends on:
  Show dependency treegraph
Reported: 2018-03-26 13:41 CEST by Arvid Requate
Modified: 2018-04-18 13:51 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.154
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support: Yes
Ticket number: 2018030821000649
Bug group (optional):
Max CVSS v3 score:

preserve_case_in_sync_from_ucs_move.patch (1.35 KB, patch)
2018-03-26 16:08 CEST, Arvid Requate
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2018-03-26 13:41:58 CEST
Ticket# 2018030821000649:

Situation: Windows client joined, machine account created beneath some OU1 (via redircmp). GPO with machine affecting policy attached to OU2. Now move machine account to OU2 and reboot:

1. When done from a Windows client via ADUC GUI: GPO is applied correctly.
2. When done via UMC: GPO is not applied => Bug

This is before the move:

root@master10:~# univention-s4search cn=win7pro230    
# record 1
dn: CN=WIN7PRO230,OU=OU1,DC=ar41i1,DC=qa

This is after:

root@master10:~# univention-s4search cn=win7pro230
# record 1
dn: CN=win7pro230,OU=OU2,DC=ar41i1,DC=qa

Restoring the original uppercase spelling fixes the issue (took two reboots in my case):

root@master10:~# ldbrename -H /var/lib/samba/private/sam.ldb \
                 CN=win7pro230,OU=OU2,DC=ar41i1,DC=qa \
Comment 1 Arvid Requate univentionstaff 2018-03-26 16:08:13 CEST
Created attachment 9487 [details]

This patch should fix it and improve a debugging message.
Comment 2 Felix Botner univentionstaff 2018-04-16 14:26:12 CEST
ucs-test - 7f3c49c06c63f0ce59ea8fece8e0e06ba21a7ba2
added 403rename_computer_object_ad_and_check_case

univention-s4-connector - 0478a563dc5ee43d67f9f95f662446523f372bc9
applied patch

yaml - 22272aff7c858bcf3913a17c6fc06ca7db1b010e
Comment 3 Arvid Requate univentionstaff 2018-04-17 17:46:59 CEST
Ok, works, test case too and the advisory looks good.
Comment 4 Arvid Requate univentionstaff 2018-04-18 13:51:59 CEST