I inherited two Zentyal servers, one PDC and one BDC. They started life as somewhere around Zentyal 4, but through a rough life of upgrades and clean installs have ended up as the PDC running 5.1 and the BDC running 6.1. The problem is that only a few of the users in the domain are being replicated to the BDC. We have around 50 users in the domain but only about 15 are replicated, and it's all users created in the last year or so. Another thing I've noticed is that if I add a user to a group on the PDC, in the textbox for the user to add, the interface shows me a list of users which matches the users that are actually replicated to the BDC.
So it seems to me that users that were created before some change have been corrupted in some way. They can be used to authenticate, but they aren't replicated to the BDC and Zentyal won't show them when offering a list of users to add to a group.
I also see a lot of
Discarding older DRS linked attribute update to member
in the logs.
I ran
# samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes
which found and fixed a lot of errors, but the symptoms still remain. I tried restarting
samba-ad-dc.service but nothing. I haven't tried restarting zs out of fear of what might
happen since I only have one working DC now. Anyone with a possible cause and/or solution
other than spinning up two new servers and starting over?