Univention Bugzilla – Bug 47579
Add UMC system diagnostic check for orphaned GPO directories.
Last modified: 2018-08-13 16:29:15 CEST
Support reported a case where the sysvol share of some servers still had Group Policy Object (GPO) specific directories that were not referenced any longer in Samba/AD. We should add a check for this as part of the UMC module "system diagnostic". I'm not sure if it's best to implement this as a separate diagnostic check or if it would be better for the user experience to adjust this existing plugin:

git/ucs/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/42_samba_tool_sysvolcheck.py

+++ This bug was initially created as a clone of Bug #44876 +++

Adds a new diagnostic check `samba_tool_sysvolcheck.py` which runs `samba-tool ntacl sysvolcheck`.
Due to the multimaster LDAP replication between the Samba/AD Domain Controllers I guess the check would have to run ldbsearch (or ldapsearch) against all replicating domain controllers to find out if a given GPO really cannot be found anywhere (or if something is broken with the Samba/AD LDAP replication, e.g.).

Maybe we can learn something from /usr/lib/python2.7/dist-packages/samba/netcmd/drs.py, function cmd_drs_showrepl. That's the code that implements the functionality for the command line: samba-tool drs showrepl
This bug report doesn't make sense because that's exactly what the cron job of Bug 27468 should take care of. I'll create a new bug that properly states the problem seen in Ticket #2018080821000514.
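The following is an added example, not part of the bug thread and not Univention code. It compares the GUID-named directories under a sysvol Policies directory with the GPO names known to each domain controller, and separates directories that no DC references from those that only some DCs reference. The function names, DC names and GUIDs are constructed, and the per-DC name sets are assumed to come from an LDAP search for groupPolicyContainer objects that is not shown here.

```python
import os
import re
import tempfile

# GPO directories are named after the GPO's GUID in braces.
GPO_DIR_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def classify_gpo_dirs(policies_dir, gpo_names_by_dc):
    """Compare GPO directories on disk with the GPO names known to each DC.

    gpo_names_by_dc maps a DC name to the set of GPO names ("{GUID}") read
    from that DC (assumed input). A DC that could not be queried must be left
    out of the mapping, not passed as an empty set.
    Returns (orphaned, inconsistent):
      orphaned     - directories that no DC references
      inconsistent - directories some DCs lack, mapped to those DC names
    """
    if not gpo_names_by_dc:
        # Without any DC answer every directory would look orphaned.
        raise ValueError("no domain controller data to compare against")
    known = {dc: {n.upper() for n in names} for dc, names in gpo_names_by_dc.items()}
    orphaned, inconsistent = [], {}
    for entry in sorted(os.listdir(policies_dir)):
        path = os.path.join(policies_dir, entry)
        # Skip symlinks, files and anything that is not a GUID-named directory.
        if os.path.islink(path) or not os.path.isdir(path) or not GPO_DIR_RE.match(entry):
            continue
        # GUID comparison is case-insensitive.
        missing = sorted(dc for dc, names in known.items() if entry.upper() not in names)
        if len(missing) == len(known):
            orphaned.append(entry)
        elif missing:
            inconsistent[entry] = missing
    return orphaned, inconsistent


def demo():
    """Run the check on a constructed Policies directory and two constructed DCs."""
    a = "{AAAAAAAA-0000-0000-0000-000000000001}"
    b = "{BBBBBBBB-0000-0000-0000-000000000002}"
    c = "{CCCCCCCC-0000-0000-0000-000000000003}"
    with tempfile.TemporaryDirectory() as policies:
        for name in (a.lower(), b, c, "PolicyDefinitions"):
            os.mkdir(os.path.join(policies, name))
        return classify_gpo_dirs(policies, {"dc1": {a, b}, "dc2": {a}})


if __name__ == "__main__":
    print(demo())
```

A directory reported as inconsistent points at replication state rather than at a stale directory, so it is kept apart from the orphaned list.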