_msdcs not mapped correctly

Due to multiple bugs in 5.0.2 that took months to resolve, the migration from 2008R2 AD was less than clean.

The “legacy” in “connector/s4/mapping/dns/position” was still set up until yesterday, EVEN though the script from this BUG was showing there was NO migration needed:

https://forge.univention.org/bugzilla/show_bug.cgi?id=43692

After we removed the “legacy” setting & rebooted, we started to see:

(WARNING): __get_s4_msdcs_soa: _msdcs sub-zone for gp01.orgblownn-up.com not found in S4

So clearly the script is either not identifying our case and the _msdcs is still in the wrong location (it does not throw errors when set to legacy), or something else is wrong with the position.

10.11.22 09:15:18.295  DEBUG_INIT
10.11.2022 09:17:04.763 LDAP        (PROCESS): sync AD > UCS: [windowscomputer] [    modify] 'cn=xx-9030,cn=computers,dc=gp01,dc=org,dc=blown-up,dc=com'
10.11.2022 09:17:15.847 LDAP        (PROCESS): sync AD > UCS: [windowscomputer] [    modify] 'cn=xx-9030,cn=computers,dc=gp01,dc=org,dc=blown-up,dc=com'
10.11.2022 09:17:36.955 LDAP        (PROCESS): sync AD > UCS: [           dns] [    modify] 'zonename=gp01.org.blown-up.com,cn=dns,dc=gp01,dc=org,dc=blown-up,dc=com'
10.11.2022 09:17:36.956 LDAP        (WARNING): __get_s4_msdcs_soa: _msdcs sub-zone for gp01.org.blown-up.com not found in S4
10.11.2022 09:17:36.981 LDAP        (PROCESS): sync AD > UCS: [           dns] [    modify] 'relativedomainname=xx-9025,zonename=gp01.org.blown-up.com,cn=dns,dc=gp01,dc=org,dc=blown-up,dc=com'
10.11.2022 09:17:43.047 LDAP        (PROCESS): sync UCS > AD: [           dns] [    modify] 'dc=@,dc=gp01.org.blown-up.com,cn=microsoftdns,dc=domaindnszones,DC=gp01,DC=org,DC=blown-up,DC=com'
10.11.2022 09:17:43.056 LDAP        (WARNING): __get_s4_msdcs_soa: _msdcs sub-zone for gp01.org.blown-up.com not found in S4
10.11.2022 09:17:44.076 LDAP        (PROCESS): sync AD > UCS: [           dns] [    modify] 'zonename=gp01.org.blown-up.com,cn=dns,dc=gp01,dc=org,dc=blownn-up,dc=com'
10.11.2022 09:17:44.077 LDAP        (WARNING): __get_s4_msdcs_soa: _msdcs sub-zone for gp01.orgblownn-up.com not found in S4
10.11.2022 09:19:05.421 LDAP        (PROCESS): sync AD > UCS: [windowscomputer] [    modify] 'cn=xx-9064,cn=computers,dc=gp01,dc=org,dcblownn-up,dc=com'
10.11.2022 09:20:17.770 MAIN        (------ ): DEBUG_INIT

This was due to a bug in the old migrate_legacy_dns_zones script, which left the _msdcs in “DomainDNSZones”.

There should be an additional script or a fixed script to check this & move it to the “forestDNS”.
Also, this script patches the S4 connector parameters to IGNORE _msdcs for replication,

but on a “normal” 5.0.2 install, this patch is missing from a clean install:

Prevent Bug #50361:

# Append _msdcs to the ignore list only if it is not already there.
# The test strips every ",_msdcs" from the current value; if nothing changes, the entry is missing.
# (Note: this does not match an entry that sits first in the list or an empty list.)
if [ "${connector_s4_mapping_dns_ignorelist//,_msdcs}" = "${connector_s4_mapping_dns_ignorelist}" ]; then
    ucr set connector/s4/mapping/dns/ignorelist="${connector_s4_mapping_dns_ignorelist},_msdcs"
fi

So… which is it… should “_msdcs” be in connector/s4/mapping/dns/ignorelist or not?
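An added example (not from this post or the UCS scripts) that checks a comma-separated UCR-style list for an entry wherever it sits, appends it only once, and shows where the quoted one-liner's test misfires; the function names `has_entry`, `add_entry` and `legacy_says_missing` are assumed here:

```shell
#!/bin/sh
# Added example, not part of the original post or of UCS. Works with a
# comma-separated value such as connector/s4/mapping/dns/ignorelist.

# has_entry LIST ENTRY -> exit 0 when ENTRY is an element of LIST.
# Wrapping both sides in commas makes the match position-independent
# and avoids matching a substring of a longer element.
has_entry() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# add_entry LIST ENTRY -> print LIST with ENTRY present exactly once.
# Handles the empty list (no leading comma) and an existing entry anywhere.
add_entry() {
    if has_entry "$1" "$2"; then
        printf '%s\n' "$1"
    elif [ -z "$1" ]; then
        printf '%s\n' "$2"
    else
        printf '%s,%s\n' "$1" "$2"
    fi
}

# legacy_says_missing LIST ENTRY -> exit 0 when the quoted one-liner's test
# (strip every ",ENTRY" and compare) would conclude that ENTRY is absent.
# Uses sed so it runs under POSIX sh as well as bash.
legacy_says_missing() {
    stripped=$(printf '%s' "$1" | sed "s/,$2//g")
    [ "$stripped" = "$1" ]
}

# Usage on a UCS host would look like (hypothetical, not run here):
#   ucr set connector/s4/mapping/dns/ignorelist="$(add_entry "$(ucr get connector/s4/mapping/dns/ignorelist)" _msdcs)"
```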
