- First occasion. I discovered my Domain Controller was trying to replicate with one domain controller which does not exist for months, it was spamming errors in logs and
samba-tool show drs
was showing a lot of consecutive failed connections.
Obviously the domain controller was removed and did not appear anywhere in UCS. Took me a while to figure out how to remove it from samba, however from time to time I still see errors in logs but not as much.
- Second occasion. I have installed inventory tool which picks up all domain computers and the inventory tool discovered few computers which were removed weeks ago, for example a computer with unique name “test001” was added and removed the next day and it happened few weeks ago. Why did inventory tool picked up that computer now? I cannot see it in UCS however it seems it was not removed from Samba/elsewhere?
samba-tool dbcheck
shows that all records are ok.
It appears to me that UCS does not sync with backend software and it happened few times already on a different occasions, and there are more computers like that. While I could agree some of the computers were not removed properly in the right way, maybe “dirty” way, but some were removed properly even using “leave domain” function. I think this might be related to “trust relationship” issue we are experiencing, maybe those computers were affected?
Something like this
sdb.univention.de/1235
would be helpful to diagnose and remove those computers however I think this should not happen. Any links and commands would be appreciated.