Group Policy operations fail due to sysvol MSDFS referral link pointing to wrong path in ADC.

  • 7009466
  • 13-Jun-2012
  • 14-Jun-2012


Domain Services for Windows
Novell Open Enterprise Server 2 Support Pack 3
Novell Open Enterprise Server 11
SUSE Linux Enterprise Server 10 Service Pack 4


After the installation of Samba version 3.0.36-, the execution of login scripts and GPOs fails when the workstation connects to an ADC during the login process.
The issue only occurs in environments having DSfW Additional Domain Controllers.

When the "gpupdate /force" command is executed on a workstation, the following error message is returned:
Error: Group policies path was not found in the specified location

When the DSfW Additional Domain Controller is affected by the issue, accessing \\\sysvol from a workstation displays the following directory structure:
- Policies
- scripts
- sysvol

When the DSfW Additional Domain Controller is not affected, the following directory structure is displayed while accessing \\\sysvol from a workstation.

In this case \\\sysvol\ contains the following directory structure:
- Policies
- scripts
- sysvol


The Additional Information section contains a script which can be used to correct the issue.

Verify the Sysvol DFS referral links in the following location by running the ls -l command on the DSfW Additional Domain Controller.

Prior to the execution of the script, the symbolic link looks as follows:
ls -l /var/opt/novell/xad/msdfs

This is also how the symbolic link should look when an earlier version of Samba is installed.
The script should only be used in combination with samba-3.0.36- or newer.

Use the script to modify the symbolic link on each DSfW Additional Domain Controller.

Steps to apply:
Copy the script to /tmp/
chmod 700 /tmp/

After the execution of the script, the symbolic link should look as follows:
ls -l /var/opt/novell/xad/msdfs


Reported to Engineering

Additional Information

Contact Novell Support and reference this TID for the script, or create the script by copying and pasting the information below.


    #!/bin/bash

    # Print a message to stdout.
    Log()
    {
        Message=`echo "$*"`;
        echo "$Message";
    }

    main()
    {
        # The msdfs link file is expected to be named after the root domain.
        RootDomain=$(/opt/novell/xad/share/dcinit/ "Root Domain" 2> /dev/null);
        LinkFile=$(ls /var/opt/novell/xad/msdfs/ 2>/dev/null);
        if [ "$RootDomain" = "$LinkFile" ]
        then
            Log "Link File present, proceeding with modify";
            LinkValue=$(ls -l /var/opt/novell/xad/msdfs/$LinkFile | awk -F"-> " '{print $2}' 2>/dev/null);
            if [ "$LinkValue" = "" ]
            then
                Log "Unable to deduce the link value for $LinkFile";
                exit 1;
            fi
            Log "Current Link value $LinkValue"

            # Strip the root domain component from the msdfs and sysvol referral paths.
            Link1=$(echo "$LinkValue" | sed "s/msdfs\\\\${RootDomain},/msdfs,/i");
            NewLink=$(echo "$Link1" | sed "s/sysvol\\\\${RootDomain}$/sysvol/i");
            Log "Setting the new link as -- $NewLink";
            cd /var/opt/novell/xad/msdfs/;
            rm "$RootDomain";
            ln -sf "$NewLink" "$RootDomain";
            cd - > /dev/null 2>&1;
            LinkValue=$(ls -l /var/opt/novell/xad/msdfs/$LinkFile);
            Log "Active link is $LinkValue";
            chown -R administrator:"domain admins" /var/opt/novell/xad/msdfs/
        else
            echo "Link Not present. Execute this script only on ADC"
            exit 1
        fi
        exit 0
    }

    main "$@"
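
A read-only check that can be run before the script above, as an added example that is not part of the original TID or Novell's code: it applies the script's two sed substitutions to a link target and reports whether the link would change, without modifying it. The function names and the sample link value are assumptions, constructed only to fit the script's patterns; the real value is whatever ls -l shows on the ADC.

```bash
#!/bin/bash
# Added example (not Novell's code): preview the link rewrite without changing it.

# preview_link LINKVALUE ROOTDOMAIN
# Prints the target the TID script would set, using its two substitutions.
preview_link()
{
    local value=$1 domain=$2
    printf '%s\n' "$value" \
        | sed "s/msdfs\\\\${domain},/msdfs,/i" \
        | sed "s/sysvol\\\\${domain}$/sysvol/i"
}

# check_link LINKPATH ROOTDOMAIN
# Returns 0 if the link is already in the corrected form, 1 if the script
# would change it, 2 if LINKPATH is not a symbolic link.
check_link()
{
    local path=$1 domain=$2 current wanted
    if [ ! -L "$path" ]; then
        echo "not a symbolic link: $path"
        return 2
    fi
    current=$(readlink "$path")
    wanted=$(preview_link "$current" "$domain")
    if [ "$current" = "$wanted" ]; then
        echo "unchanged: $current"
        return 0
    fi
    echo "current:      $current"
    echo "would become: $wanted"
    return 1
}

# Constructed sample value, shaped only to match the script's patterns.
SAMPLE='msdfs:adc1\msdfs\example.com,adc1\sysvol\example.com'
preview_link "$SAMPLE" example.com
```

On an ADC, check_link would be pointed at the link file under /var/opt/novell/xad/msdfs/ that the script compares against the root domain name.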